Mon, 12th Nov 2018
IAG has confirmed that a cyber attack on British Airways may have caused the data of 185,000 more customers to have been breached. Under the new data protection regulations, the airline could face a penalty of at least £17 million.
The airline group say that it is contacting two groups of customers who had not previously been notified, following an investigation into a breach that occurred earlier in the year. The details of 77,000 payment cards - including the names, billing addresses, card numbers, CVVs, expiry dates, and email addresses, could have been compromised.
In addition to that, a further 108,000 customer’s personal details were potentially compromised, but without the CVV data for the cards. The attack in question targeted those who had made a reward card booking and those who had booked using a card between the 21 April and 28 July 2018.
BA chief executive Alex Cruz says that the airline would compensate those whose financial information had been stolen British Airways is now facing a multi-million-pound fine as a result of the breach, and the Information Commissioner’s Office is also looking into the incident. The breach took place after the new General Data Protection Regulation provisions were added to the Data Protection Act. This means that the company could be hit with fines from £17 million up to as much as 4% of global turnover. If the ICO opts to take action this means that the company could face a fine of £500 million.