British Airways fined £183m after customers’ credit card details stolen in major hack

Simon Calder

July 8, 2019 at 1:46 AM

British Airways has been fined £183m for a data breach in which passengers credit-card data was stolen – but says there is no evidence of harm to passengers.The Information Commissioner’s Office (ICO) says it intends to issue the airline with a penalty notice under the Data Protection Act.The proposed penalty is £183.4m, representing 1.5 per cent of BA’s worldwide revenue in 2017.In September 2018, British Airways’ chairman and chief executive, Alex Cruz, revealed what he called “A very sophisticated, malicious attack”.Cyber criminals stole personal and financial information from hundreds of thousands of customers who booked direct with the airline over a two-week spell in August and early September.Details of payment cards, including the number, expiry date and three-digit security code or “card verification value” (CVV) were illegally extracted from the reservations system.The following month, BA said that passengers who had made bookings through its Avios scheme between April and July 2018 were also at risk.Customers were told: “If you believe you have been affected by this incident, then please contact your bank or credit card provider and follow their recommended advice.”The airline said it would indemnify customers who suffered financial harm.British Airways now says that it has been told of the fine by the ICO. Mr Cruz said: “We are surprised and disappointed in this initial finding from the ICO.British Airways responded quickly to a criminal act to steal customers’ data. We have found no evidence of fraud/fraudulent activity on accounts linked to the theft. “We apologise to our customers for any inconvenience this event caused.”BA is part of the International Airlines Group, whose chief executive, Willie Walsh, said: “British Airways will be making representations to the ICO in relation to the proposed fine.“We intend to take all appropriate steps to defend the airline’s position vigorously, including making any necessary appeals.”Under GDPR rules, fines can be up to four per cent of annual global revenue. BA's total revenue in the year to 31 December 2017 was £12.2bn, making the maximum possible fine £488m.After a cyber attack on TalkTalk in 2015, which affected fewer than half as many customers as the airline breach, the telecom firm was fined £400,000.The proposed penalty for British Airways is equivalent to just over £4 for each passenger expected to fly on BA this year.

Hundreds of British Airways passengers will arrive at their destination without their luggage after another failure of the baggage system at BA’s main base, Heathrow Terminal 5.The actor Eddie Izzard tweeted: “Luggage belts down at Heathrow Terminal 5. I hope BA can get this moving soon as passengers have been waiting a long time now.”The airline told The Independent: “We apologise to customers and our teams are working hard to minimise disruption after a baggage system issue slowed down customers dropping off their bags this morning.“A small number of flights left without all customers' baggage loaded.“We're in contact with those customers and their bags will be put on the next available flight to get them back to them as soon as possible.”Dan Maby tweeted: “Watching people frantically re-pack bags into hand luggage and being told by British Airways staff to leave their suitcase but they ‘can't guarantee the luggage will arrive at your destination’.”One passenger, who did not want to be named, reported that he queued for over an hour before his flight to New York. He later said: “The guys at Heathrow have hundreds of cases on the Tarmac with security around them and they are loading them by hand onto the plane.“Fingers crossed everybody will get the luggage.”British Airways, which operates almost all the flights in and out of Terminal 5, says that the problem has been fixed, but at least 25 flights left more than half-an-hour late. The delays could cause problems for the schedules in the afternoon and evening, on what is an extremely busy day.

British Airways fined £183m after customers’ credit card details stolen in major hack

British Airways has been fined £183m for a data breach in which passengers credit-card data was stolen – but says there is no evidence of harm to passengers.The Information Commissioner’s Office (ICO) says it intends to issue the airline with a penalty notice under the Data Protection Act.The proposed penalty is £183.4m, representing 1.5 per cent of BA’s worldwide revenue in 2017.In September 2018, British Airways’ chairman and chief executive, Alex Cruz, revealed what he called “A very sophisticated, malicious attack”.Cyber criminals stole personal and financial information from hundreds of thousands of customers who booked direct with the airline over a two-week spell in August and early September.Details of payment cards, including the number, expiry date and three-digit security code or “card verification value” (CVV) were illegally extracted from the reservations system.The following month, BA said that passengers who had made bookings through its Avios scheme between April and July 2018 were also at risk.Customers were told: “If you believe you have been affected by this incident, then please contact your bank or credit card provider and follow their recommended advice.”The airline said it would indemnify customers who suffered financial harm.British Airways now says that it has been told of the fine by the ICO. Mr Cruz said: “We are surprised and disappointed in this initial finding from the ICO.British Airways responded quickly to a criminal act to steal customers’ data. We have found no evidence of fraud/fraudulent activity on accounts linked to the theft. “We apologise to our customers for any inconvenience this event caused.”BA is part of the International Airlines Group, whose chief executive, Willie Walsh, said: “British Airways will be making representations to the ICO in relation to the proposed fine.“We intend to take all appropriate steps to defend the airline’s position vigorously, including making any necessary appeals.”Under GDPR rules, fines can be up to four per cent of annual global revenue. BA's total revenue in the year to 31 December 2017 was £12.2bn, making the maximum possible fine £488m.After a cyber attack on TalkTalk in 2015, which affected fewer than half as many customers as the airline breach, the telecom firm was fined £400,000.The proposed penalty for British Airways is equivalent to just over £4 for each passenger expected to fly on BA this year.

British Airways has been fined £183m for a data breach in which passengers credit-card data was stolen – but says there is no evidence of harm to passengers.

The Information Commissioner’s Office (ICO) says it intends to issue the airline with a penalty notice under the Data Protection Act.

The proposed penalty is £183.4m, representing 1.5 per cent of BA’s worldwide revenue in 2017.

In September 2018, British Airways’ chairman and chief executive, Alex Cruz, revealed what he called “A very sophisticated, malicious attack”.

Cyber criminals stole personal and financial information from hundreds of thousands of customers who booked direct with the airline over a two-week spell in August and early September.

Details of payment cards, including the number, expiry date and three-digit security code or “card verification value” (CVV) were illegally extracted from the reservations system.

The following month, BA said that passengers who had made bookings through its Avios scheme between April and July 2018 were also at risk.

Customers were told: “If you believe you have been affected by this incident, then please contact your bank or credit card provider and follow their recommended advice.”

The airline said it would indemnify customers who suffered financial harm.

British Airways now says that it has been told of the fine by the ICO.

Mr Cruz said: “We are surprised and disappointed in this initial finding from the ICO.

British Airways responded quickly to a criminal act to steal customers’ data. We have found no evidence of fraud/fraudulent activity on accounts linked to the theft.

“We apologise to our customers for any inconvenience this event caused.”

BA is part of the International Airlines Group, whose chief executive, Willie Walsh, said: “British Airways will be making representations to the ICO in relation to the proposed fine.

“We intend to take all appropriate steps to defend the airline’s position vigorously, including making any necessary appeals.”

Under GDPR rules, fines can be up to four per cent of annual global revenue. BA's total revenue in the year to 31 December 2017 was £12.2bn, making the maximum possible fine £488m.

After a cyber attack on TalkTalk in 2015, which affected fewer than half as many customers as the airline breach, the telecom firm was fined £400,000.

The proposed penalty for British Airways is equivalent to just over £4 for each passenger expected to fly on BA this year.

Yahoo Sports
Timberwolves coach Chris Finch calls Jamal Murray's heat-pack toss on court 'inexcusable and dangerous'
Murray made a bad night on the court worse during a moment of frustration on the bench.
Yahoo Sports
Former NBA guard Darius Morris dies at 33
Former NBA guard Darius Morris has died at the age of 33. He played for five teams during his four NBA seasons. Morris played college basketball at Michigan.
Yahoo Finance
The FDIC change that leaves wealthy bank depositors with less protection
Affluent Americans may want to double-check how much of their bank deposits are protected by government-backed insurance. The rules governing trust accounts just changed.
Yahoo Finance
Former House Speaker Paul Ryan says he’s not voting for Trump : 'Character is too important'
Ryan says he would be writing in a Republican candidate instead of voting for Donald Trump.
Yahoo Sports
Ranking the best situations for the rookie quarterbacks: Start with Michael Penix in Atlanta at No. 1
It’s key to note that we’re not saying the “best team” or “best roster.” Instead, we’re talking about the best confluence of factors that can outline a path for survival and then success.
Yahoo Sports
Phil Mickelson on the majors: 'What if none of the LIV players played?'
Phil Mickelson hints that big changes could be coming to LIV Golf's rosters, and the majors will need to pay attention.
Yahoo Sports
Blockbuster May trade by Padres, MVP Ohtani has arrived, Willie Mays’ 93rd birthday & weekend recap
Jake Mintz & Jordan Shusterman discuss the Padres-Marlins trade that sent Luis Arraez to San Diego, as well as recap all the action from this weekend in baseball and send birthday wishes to hall-of-famer Willie Mays.
Yahoo Sports
Heat's Pat Riley unhappy with Jimmy Butler's remarks on Celtics and Knicks, implies he needs to play more
Miami Heat president Pat Riley rebuked comments Jimmy Butler made about the Boston Celtics and New York Knicks, while also implying that his star needs to play more.
Yahoo Sports
NBA playoffs: Officials admit they flubbed critical kick-ball call in controversial final minute of Pacers-Knicks
Tuesday's last-2-minute report should be interesting.
Yahoo Finance
Social Security just passed Medicare as the government's most pressing insolvency risk
An annual government report offered a glimmer of good news for Social Security and a jolt of good news for Medicare even as both programs continue to be on pace to run dry next decade.
Yahoo Sports
No one was airing Angel Reese and Kamilla Cardoso's WNBA preseason debuts, so an X user livestreamed it
The quality was choppy, but it was better than what the WNBA had.
Yahoo Sports
The Scorecard: Andy Pages looks set to go down as one of the best fantasy baseball waiver wire pickups of 2024
Fantasy baseball analyst Dalton Del Don delivers his latest batch of hot takes as we enter Week 6 of the season.
Yahoo Sports
NBA playoffs: Predictions for Celtics-Cavaliers and every second-round series
Our NBA staff makes its picks for Knicks-Pacers and every second-round series.
Yahoo Celebrity
Dwayne Johnson is difficult to work with, report claims. The star has 'mountains of public goodwill' to offset negativity, expert says.
Once named the “Most Likable Person in the World,” the actor is under fire in a new report, accused of showing up to work late on the film “Red One,” irritating the crew and causing the budget to balloon.
Yahoo Sports
Ex-Ole Miss QB and Denver Broncos draft pick Chad Kelly suspended at least nine games by CFL
Kelly allegedly harassed a female strength and conditioning coach who sued him and the Toronto Argonauts in February.
Yahoo Sports
NFL Power Rankings, draft edition: Did Patriots fix their offensive issues?
Which teams did the best in the NFL Draft?
Yahoo Sports
The best RBs for 2024 fantasy football according to our analysts
The Yahoo Fantasy football analysts reveal their first running back rankings for the 2024 NFL season.
Autoblog
Edmunds bought a Fisker Ocean, warns others not to make the same mistake
Edmunds bought a Fisker Ocean and details the highs and lows of ownership while warning others not to make the same mistake.
Yahoo Sports
NFL Draft fashion: Caleb Williams, Malik Nabers dressed to impress, but Marvin Harrison Jr.'s medallion stole the show
Every player was dressed to impress at the 2024 NFL Draft.
Yahoo Sports
Formula 1: Miami Grand Prix sends cease and desist letter to prevent Donald Trump fundraiser during race
Race organizers say they'll revoke a Trump fundraiser's suite license if he holds an event for the former president on Sunday at the race.

News

Life

Entertainment

Finance

Sports

New on Yahoo

British Airways fined £183m after customers’ credit card details stolen in major hack

British Airways fined £183m after customers’ credit card details stolen in major hack

Recommended Stories

Timberwolves coach Chris Finch calls Jamal Murray's heat-pack toss on court 'inexcusable and dangerous'

Former NBA guard Darius Morris dies at 33

The FDIC change that leaves wealthy bank depositors with less protection

Former House Speaker Paul Ryan says he’s not voting for Trump : 'Character is too important'

Ranking the best situations for the rookie quarterbacks: Start with Michael Penix in Atlanta at No. 1

Phil Mickelson on the majors: 'What if none of the LIV players played?'

Blockbuster May trade by Padres, MVP Ohtani has arrived, Willie Mays’ 93rd birthday & weekend recap

Heat's Pat Riley unhappy with Jimmy Butler's remarks on Celtics and Knicks, implies he needs to play more

NBA playoffs: Officials admit they flubbed critical kick-ball call in controversial final minute of Pacers-Knicks

Social Security just passed Medicare as the government's most pressing insolvency risk

No one was airing Angel Reese and Kamilla Cardoso's WNBA preseason debuts, so an X user livestreamed it

The Scorecard: Andy Pages looks set to go down as one of the best fantasy baseball waiver wire pickups of 2024

NBA playoffs: Predictions for Celtics-Cavaliers and every second-round series

Dwayne Johnson is difficult to work with, report claims. The star has 'mountains of public goodwill' to offset negativity, expert says.

Ex-Ole Miss QB and Denver Broncos draft pick Chad Kelly suspended at least nine games by CFL

NFL Power Rankings, draft edition: Did Patriots fix their offensive issues?

The best RBs for 2024 fantasy football according to our analysts

Edmunds bought a Fisker Ocean, warns others not to make the same mistake

NFL Draft fashion: Caleb Williams, Malik Nabers dressed to impress, but Marvin Harrison Jr.'s medallion stole the show

Formula 1: Miami Grand Prix sends cease and desist letter to prevent Donald Trump fundraiser during race