The UK’s Information Commissioner’s Office has slapped British Airways with a massive fine over a data breach that saw customer credit card data get stolen. It is the largest fine the office has ever handed out.
British Airways has been fined 183.4 million pounds ($230 million, €205 million) by the United Kingdom’s Information Commissioner’s Office (ICO) after computer hackers stole customer data last year, according to its parent company, International Airlines Group (IAG).
IAG said in a statement on Monday that the ICO intended to issue the penalty, which equated to 1.5% of its worldwide turnover for 2017, under the UK Data Protection Act.
The ICO said the penalty was the biggest it had ever handed out and the fine was the first to be made public under new rules.
British Airways revealed in September 2018 that computer hackers had carried out a “sophisticated, malicious criminal attack” on the airline’s website and app, and obtained the credit card details of some 380,000 customers.
The airline promised to “fully reimburse” affected customers and took out full-page advertisements in British newspapers to apologize for the cyberattack.
IAG’s other four airlines — Aer Lingus, Iberia, Level and Vueling — were not affected by the hack.