British Airways has been issued a £20m fine by the Information Commissioner’s Office (ICO).
The fine has been reduced from £183m as investigators took into account the airline’s financial difficulties amid the pandemic. Despite the reduction, it is still the largest fine issued by the ICO.
The fine is after the 2018 incident where over 400,000 customers’ personal details were compromised by hackers.
Elizabeth Denham, the information commissioner, said: “People entrusted their personal details to BA and BA failed to take adequate measures to keep those details secure.
“Their failure to act was unacceptable and affected hundreds of thousands of people, which may have caused some anxiety and distress as a result. That’s why we have issued BA with a £20 million fine – our biggest to date.
“When organisations take poor decisions around people’s personal data, that can have a real impact on people’s lives. The law now gives us the tools to encourage businesses to make better decisions about data, including investing in up-to-date security,” Denham added.
A spokesman from British Airways said: “We alerted customers as soon as we became aware of the criminal attack on our systems in 2018 and are sorry we fell short of our customers’ expectations.
“We are pleased the ICO recognises that we have made considerable improvements to the security of our systems since the attack and that we fully cooperated with its investigation.”