The record £183m fine issued to British Airways for a serious 2018 data breach was reduced to £20m in light of the Covid-19 crisis.
Back in July 2019, British Airways was the victim of a very serious data breach involving the personal details and credit card information of over 400,000 customers. The Information Commissioner's Office (ICO) issued a record-breaking fine of £183m to the company under the new European General Data Protection Regulation (GDPR).
GDPR carries a maximum fine of €10-20m or 2-4% of annual global turnover (whichever is higher) for serious breaches ruled to be the company's fault, significantly higher than the £500,000 maximum penalty the ICO could previously impose. The £183m fine would have been the largest issued under GDPR to date.
The ICO has now issued the actual fine following lengthy discussions with the parties involved, and has elected to dramatically reduce the charge to £20m. This is still the largest single fine that the ICO has ever issued and sends a clear message to large companies that data security must take priority. The reduction was carried out in part to reflect the reduced income of the company due to Covid-19.
The British Airways breach was caused by the company's poor code maintenance practices: its website was running an old version of the third-party software library Modernizr that had a known vulnerability. That vulnerability was exploited by attackers, who captured user data directly from the website itself.
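The breach described above came through a third-party script delivered to the customer's browser. As an added example (not code from the article or from British Airways), the Python audit below flags external scripts on a page that carry no Subresource Integrity hash, or whose pinned hash no longer matches the file actually being served; the script URLs and file contents are constructed for the example.

```python
import base64
import hashlib
from html.parser import HTMLParser

# Constructed sample of what a payment page might load; URLs and
# file bodies are made up for this example.
MODERNIZR_URL = "https://cdn.example/modernizr.min.js"
SCRIPTS = {
    MODERNIZR_URL: b"window.Modernizr={};",
    "https://cdn.example/analytics.js": b"track();",
}

def sri_hash(content: bytes, algo: str = "sha384") -> str:
    """Return the SRI token (algo-base64digest) for a script body."""
    digest = hashlib.new(algo, content).digest()
    return f"{algo}-{base64.b64encode(digest).decode()}"

class _ScriptCollector(HTMLParser):
    """Collect (src, integrity) for every external <script> tag."""
    def __init__(self):
        super().__init__()
        self.scripts = []
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "script" and a.get("src"):
            self.scripts.append((a["src"], a.get("integrity")))

def audit_scripts(html: str, fetched: dict) -> list:
    """Flag scripts lacking SRI, or whose pinned hash no longer matches
    the served file (a changed third-party dependency)."""
    parser = _ScriptCollector()
    parser.feed(html)
    findings = []
    for src, integrity in parser.scripts:
        body = fetched.get(src)
        if body is None:
            findings.append((src, "not fetched"))
        elif integrity is None:
            findings.append((src, "no integrity attribute"))
        elif sri_hash(body, integrity.split("-", 1)[0]) != integrity:
            findings.append((src, "integrity mismatch"))
    return findings

PAGE = f"""<html><head>
<script src="{MODERNIZR_URL}" integrity="{sri_hash(SCRIPTS[MODERNIZR_URL])}"
        crossorigin="anonymous"></script>
<script src="https://cdn.example/analytics.js"></script>
</head></html>"""

if __name__ == "__main__":
    for src, issue in audit_scripts(PAGE, SCRIPTS):
        print(issue, src)
```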
Source: BBC News