British Airways faces a fine of $230 million — 1.5% of its revenues in 2017 — for its failure to protect personal data of more than 300,000 customers from computer hackers who targeted the airline’s website and app last year.
It is the largest fine the United Kingdom’s Information Commissioner’s Office (ICO) has ever intended to slap on a company.
British Airways has 28 days to appeal against the ICO’s initial finding and quantum of fine.
International Airlines Group (IAG), the parent company of British Airways, said on Monday that it would defend the airline and appeal, if necessary.
Expressing his disappointment over the ICO’s finding, Alex Cruz, the chairman and CEO of British Airways, said the airlines acted quickly and found no evidence of fraud on the accounts targeted by the hackers.
Air passengers are becoming vulnerable to hackers after entering their passport data and credit card information while booking a flight online.
In the case of British Airways, customers were directed from the airlines’ website to a fraudulent site where user data was harvested.
Data security breach because of a company’s failure to protect its customer’s personal data invites heavy penalty under an EU law passed last year.