British Airways pays a penalty for data leak of 420,000 customers in 2018


British Airways (BA) has finally made a settlement with its customers by paying a compensation announced by the data watchdog in October 2020. The airliner paid the penalty for failing to protect its customer information from being accessed by hackers in 2018.

Going by the details, a malicious actor is reported to have gained access to an internal database of British Airways in between June 22 to September 5th, 2018 through a vulnerability observed in the Citrix Remote Access Gateway.

The infiltration was serious as the hacker used a digital skimming code of Magecart and collected personal card details of customers and staff belonging to the air transport firm and the stolen info includes names, addresses and card payment details.

As soon as the hack was discovered, a legal claim was filed by a legal firm PGMBM and the claim went through many court hearings for almost 16 months. In October 2020, British Airways was found guilty as it failed to protect the data spill of its customers through security measures that led to the hack.

Information Commissioner’s Office (ICO) finally announced that BA should pay a penalty of £180m to all its customers for violating the rules related to GDPR. Later, as the airliner was witnessing a business shutdown because of the COVID-19 lockdown, it made an appeal to the data watchdog after which; the penalty was slashed to £20 million.

Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security

No posts to display