GDPR & Security - Why British Airways was charged £183 million this week

Posted by El Hammond on Jul 10, 2019 7:19:14 AM

This week, the UK Information Commissioner’s Office dished out its biggest penalty to date to British Airways, for an avoidable cyber blunder. British Airways was fined more than £183 million (1.5% of their annual turnover) after hackers stole the personal information of an estimated 500,000 customers, including ‘login, payment card, name, address and travel booking information…harvested after being diverted to a fraudulent website’.

The real kicker for the UK’s mega airline is that this gaffe wouldn’t have been nearly as financially traumatising just a few years ago. In 2014/2015, personal information of 87 million users was harvested for Cambridge Analytica, and Facebook was charged a paltry £500k for its part in the scandal.

At the time, half a million was the maximum fine legally permitted for such a security breach, based on the prevailing Data Protection Act. However, you could reasonably categorise this as a mere ‘slap on the wrist’ financially, as Facebook makes this figure in revenue roughly every 5 and a half minutes.

Now, it seems the game has substantially changed, as the ICO pull out the big guns. And rightly so for you and me.

Our fast-evolving digital age readily graces us with many perks, such as online shopping, long-distance communication, not to mention oceans of information on anything and everything at our fingertips. However, such privilege comes at a price. With innovation comes the opportunity for exploitation, and the growth of cyberspace makes plenty of room for a burgeoning torrent of budding hackers. Fuelled with malicious intent, they aim to abuse, manipulate and inconvenience you, for financial or sadistic gain.

First rule of Hack Club: ‘if there is a vulnerability, it will be exploited’.

Lessons to learn

Whether or not it is the ICO’s intention to make an example of British Airways and discourage others from becoming apathetic about adequate data management, there are some clear pointers we can all take from BA’s mistake.

  • There is never a good time for a bad fine
  • Do not mess with the ICO
  • Abide by the General Data Protection Regulation
  • Correct data handling is cheaper than the alternatives
  • Invest in cyber safety nets, systems and security to keep data personal!

Better safe than bankrupt.

Topics: Security, GDPR
