Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
IT Technology

British Airways Fined $26 Million Over Data Breach (bbc.com) 13

British Airways has been fined $26m by the Information Commissioner's Office (ICO) for a data breach which affected more than 400,000 customers. From a report: The breach took place in 2018 and affected both personal and credit card data. The fine is considerably smaller than the $236m that the ICO originally said it intended to issue back in 2019. It said "the economic impact of Covid-19" had been taken into account. However, it is still the largest penalty issued by the ICO to date. The incident took place when BA's systems were compromised by its attackers, and then modified to harvest customers' details as they were input. It was two months before BA was made aware of it by a security researcher, and then notified the ICO.
This discussion has been archived. No new comments can be posted.

British Airways Fined $26 Million Over Data Breach

Comments Filter:
  • by LenKagetsu ( 6196102 ) on Friday October 16, 2020 @01:12PM (#60615832)

    When do the victims get their £65 cut?

    • When do the victims get their £65 cut?

      The point of the fine is deterrence, not individual compensation.

      Everybody has been or will be a victim of a breach, so it makes some sense to just pay the fine to the government for the public benefit.

      • Government profits off the suffering of those who did no wrong. Business as usual.

        • The government does what it should - it punished British Airways.

          If the victims want restitution, they can sue British Airways - paying restitution for negligence is not the remit of the government.

          • I see, so I guess I don't have to prove anything since the government already ruled they were in the wrong. I expect beer money in my account first thing in the morning.

            • The government proved liability under information protection laws, the same laws which grant them ability to levy the fine.

              You on the other hand have to prove damages - thats going to be harder than you think.

  • And how much money did BA save in the years preceding the data breach by not implementing proper security that would have prevented said data breach? Genuinely asking as I have no idea but I'll bet it's rather more than $26 million. It needs to be more profitable (or less costly) to do security properly compared to not doing so and just paying the fine.
    • Genuinely asking as I have no idea but I'll bet it's rather more than $26 million.

      I don't think so.

      Good security isn't cheap, but it isn't that expensive.

      Hire a good security czar, train your people on best practices, and do regular testing.

      That will solve 90% of your security issues.

    • Only insiders could know the true cost of actually preventing the breach, but their IT costs are pretty high. British Airways are now the 'International Airlines Group' and according to their 2019 Annual Report [iairgroup.com] they paid out €811 million in IT supplier costs. The 2019 AR also points out that figure is up 2.8% to cover compensation they were expecting to pay for the above breach.
  • Fake news (Score:4, Funny)

    by PPH ( 736903 ) on Friday October 16, 2020 @01:17PM (#60615854)

    British Airways can't keep their IT systems up long enough to lose 400,000 records.

If all the world's economists were laid end to end, we wouldn't reach a conclusion. -- William Baumol

Working...