British Airways is set to be fined £183m following a breach of its Cyber Security systems.
It is the biggest penalty handed out by the Information Commissioner’s Office (ICO) since Facebook paid £500,000 for its role in the Cambridge Analytica data scandal.
That was the maximum allowed under the old data protection rules that applied before the General Data Protection Regulation (GDPR) came into force last year.
Organisations can be fined 4% of turnover under the new rules. It is also now mandatory to report data security breaches to the ICO.
At 1.5% of their worldwide turnover, BA will be paying less than the possible maximum. They also have 28 days to appeal the decision.
The ICO claims the incident began in June 2018, when users of the official British Airways website were diverted to a fraudulent site. The details of about 500,000 customers were then harvested by the attackers.
A variety of information was compromised. This includes login, payment card, and travel booking details as well as name and address information.
The airline first disclosed the incident in September 2018 and promised to compensate customers who lost money.
Willie Walsh, chief executive of British Airways' owner IAG, says they will be presenting their case to the ICO.
“We intend to take all appropriate steps to defend the airline’s position vigorously, including making any necessary appeals,” he said.
Meanwhile the international hotel group Marriott also face a huge fine after hackers stole records of 339 million guests.
In November, Marriott International admitted that personal data had been stolen following a hack on guest records. This included credit card details, passport numbers and dates of birth.
The ICO has slapped Marriott with a £99.2m fine, claiming that it should have done more to make sure its IT systems were secure.
“The GDPR makes it clear that organisations must be accountable for the personal data they hold,” said Elizabeth Denham, the information commissioner.
“This can include carrying out proper due diligence when making a corporate acquisition, and putting in place proper accountability measures to assess not only what personal data has been acquired, but how it is protected.”
With these fines, the ICO is sending out a warning to all businesses to get their Cyber Security systems in order or face the consequences, both financial and reputational.
Keeping cyber criminals at bay is a challenging process, especially given the rate at which attacks are growing, both in terms of their frequency and sophistication.
As technology evolves, so do the ways in which hackers can breach defences and steal data – but now is not the time to be taking risks or shortcuts.
That’s why demand for individuals possessing the skills and experience needed to protect digital assets is currently soaring. In fact, it has been predicted that there will be more than 3.5 million unfilled Cyber Security positions by 2021.