British Airways is facing a record fine of £183 million in relation to last year’s breach of its security systems.
“We are surprised and disappointed in this initial finding from the ICO. British Airways responded quickly to a criminal act to steal customers’ data,” British Airways chairman and chief executive officer Alex Cruz, said.
“We have found no evidence of fraud/fraudulent activity on accounts linked to the theft.”
The proposed fine relates to a cyber incident notified to the ICO by British Airways in September 2018. This incident in part involved user traffic to the British Airways website being diverted to a fraudulent site.
Through this false site, customer details were harvested by the attackers. Personal data of approximately 500,000 customers were compromised in this incident, which is believed to have begun in June 2018.
The ICO said it was the biggest penalty it had ever handed out and the first to be made public under new rules.
BA has 28 days to appeal. Willie Walsh, chief executive of IAG, said British Airways would be making representations to the ICO.
“We intend to take all appropriate steps to defend the airline’s position vigorously, including making any necessary appeals,” he said.