The British Airways airline is being fined £ 20 million (close to R $ 145 million) for being the target of a massive data leak that affected thousands of consumers. First stipulated at around £ 183 million, the value was reduced due to the “economic impact of covid-19” and other factors.
In 2018, British Airways was the target of a hacker attack that exposed personal and credit card details of 400,000 consumers. The company’s internal systems were compromised by the attackers, who soon went to the users’ information – login, payment details, itinerary details, full names and addresses – and violated their integrity.
According to the Information Commissioner’s Office (ICO), the body responsible for protecting public data, the system that operated on British Airways’ servers did not have important security mechanisms – such as multi-factor authentication – even if they were already available in the software of the British Airways. Microsoft contained in the machines.
“When organizations make the wrong decisions about other people’s personal data, it can have a real impact on their lives. The law now gives us tools that encourage more efficient decision-making when it comes to data, including investments in up-to-date security technologies, ”commented Elizabeth Denman, an ICO member.
Previously, the case drew worldwide attention for the record amount of the fine and for setting precedents. At the time, British Airways said it would appeal the fine, claiming to have “responded quickly to the criminal act of data theft” and “not finding evidence of fraud or fraudulent activity in accounts linked to theft”.
Two years later, the final fine was reduced significantly, saving the company £ 163 million. A spokesman publicly commented on the decision and describes that the company “is grateful for ICO’s recognition of the improvements to the security system and for the company’s cooperation in investigations.”