British Airways sanctioned by authorities for inadequate customer data protection practices
Nearly 400,000 customers had their bank data exposed.
The penalty for this failure to protect its customers' data amounts to nearly 22 million euros, or 20 million pounds. The fine was imposed by the Information Commissioner's Office, the UK's equivalent of the French National Commission for Computer Science and Freedoms, which is responsible for ensuring compliance with data protection rules.
It should also be noted that the case has been going on since 2018. 400,000 customers of the British company had their financial data stolen by unknown attackers during a cyberattack. The stolen data includes credit card numbers.
Although the fine is severe in practice, it is particularly deserved given the seriousness of the fault. It is nonetheless lower than the one originally planned by the UK data protection agency. This is partly because of the coronavirus pandemic, which has shaken the British company as it has several other sectors. The amount originally mentioned by the Information Commissioner's Office was 202 million euros, or 183 million pounds. Despite this reduction, it remains the highest fine imposed by the organization in the UK. The fine is calculated based on the revenue generated by the airline.
"People have entrusted their personal data to British Airways and British Airways has not taken adequate measures to protect this information," noted ICO Information Commissioner Elizabeth Denham. The charge that led to the fine was that the British company had not put in place sufficient protocols to secure the personal data of its customers. The British Commission considers that "BA's actions were insufficient. The company should have performed computer attack simulations. It should have restricted access to only authorized persons and put in place a tightening of providers' access via dual-factor authentication, i.e. with the receipt of a secret code on one's mobile to be re-entered.
In detail, the attacker was able to access the personal data of 429,612 customers and staff of the company. This includes names, addresses, payment card numbers and CVV numbers (on the back of the card) for 244,000 customers. Card numbers and CVV were accessed for 77,000 customers and card numbers only for 108,000 customers. Finally, the accounts and identifiers of 612 BA Executive Club members were accessed." The organization notes that the theft of bank card numbers is dangerous for those affected even when the three-digit security code has not been stolen. Indeed, some online merchants, such as Amazon, accept payment without requiring the three-digit CVV.
The breaches attributed to British Airways were assessed under the General Data Protection Regulation, the European standard. At the time of the events Britain was still a member of the European Union, which means that it is this standard that applies to the case.