You are here

British Airways faces US$230m fine over 2018 data theft

[LONDON] The UK has proposed fining British Airways 183.4 million pounds (S$313 million) over computer attacks last year that exposed customer data.

The penalty, proposed under the UK Data Protection Act, amounts to 1.5 per cent of the airline's 2017 revenue, parent IAG SA said in a statement on Monday. It was issued by the UK Information Commissioner's office, which protects data privacy.

"We are surprised and disappointed in this initial finding from the ICO," British Airways Chairman and Chief Executive Officer Alex Cruz said in the statement.

A hack that lasted from Aug. 21 through Sept. 5 last year affected at least 380,000 transactions, IAG has said previously, with intruders vacuuming up account numbers and personal information of customers making flight reservations from BA's website and its mobile app.

CEO Cruz has described the attack as a sophisticated, malicious and criminal. At the time, British Airways advised people to contact credit card providers to manage the breach. The stolen data didn't include travel or passport details.

Mr Cruz said Monday the airline responded quickly and hasn't found any evidence of fraud on accounts linked to the theft.

"We intend to take all appropriate steps to defend the airline's position vigorously, including making any necessary appeals," IAG CEO Willie Walsh said in the statement.