Call Originem: 0161 713 1730

Back to Blog

The media had gone quiet on the subject, however more incidents of data-breaches have come to light and those hefty fines that were suggested last year have started to be issued.

British Airways (BA) have received a record fine of £183m for last year’s breach of its security systems.

The penalty imposed on BA is the first one to be made public since the new data protection legislation was introduced, which make it mandatory to report data security breaches to the information commissioner. The ICO also increased the maximum penalty to 20 million Euros or 4% of annual worldwide turnover in the preceding financial year, whichever is higher.

The BA penalty amounts to 1.5% of its worldwide turnover in 2017, less than the possible maximum.


BA first disclosed on 6 September 2018 and initially said approximately 380,000 transactions were affected, but the stolen data did not include travel or passport details.

The ICO said the incident was believed to have begun in June 2018.

The watchdog said a variety of information was “compromised” by poor security arrangements at the company, including log in, payment card, and travel booking details as well as name and address information.

BA initially said information included names, email addresses, credit card information such as credit card numbers, expiration dates and the three-digit CVV code found on the back of credit cards, although BA has said it did not store CVV numbers.

The watchdog said BA had co-operated with its investigation and made improvements to its security arrangements.

This acts as timely reminder to all organisations who handle large amounts of data, to ensure processes are up to date and robust.

Call Originem: 0161 713 1730