O Rourke Reid Lawfirm

Dublin Office
118 Baggot Street Lower
Dublin 2
D02 AW89
T: +353 1 240 1200 E: lex@orourkereid.com

Belfast Office
Forsyth House,
Cromac Square,
Belfast BT2 8LA
T: +44 28 90 511 281 E: lex@orourkereid.com

• Home
• About Us
• Practice Areas
• News and Publications
• Careers
• Contact Us
• Our Offices

GDPR Breach Costs British Airways

£183m fine

The Information Commissioner’s Office (UK) has imposed a fine of £183m on British Airways (owned by Parent Company IAG) for a breach of its Security Systems last year which BA blamed on hackers who they said carried out a “sophisticated, malicious criminal attach” on its website.

This is the largest fine imposed by the Information Commissioner’s Office and the first penalty it has made public under new rules. The fine represents 1.5% of the worldwide turnover of BA in 2017. The maximum possible fine is 4% of the Company’s worldwide turnover.

BA said it was “surprised and disappointed” by the fine. The Company has 28 days in which to appeal against this fine.

The Company said approximately 380,000 transactions were affected but the stolen data did not include travel or passport details. However the information stolen did include names, email addresses, credit card information such as credit card numbers, expiration dates and the 3-digit CVV code found on the back of credit cards. However BA said that it did not store CVV numbers. The breach of Security had been reported by BA to the Information Commissioner’s Office on 6th September 2018.

If you require any further detail or advice, please contact John Reid in O’Rourke Reid
Dial: +353 1 240 1200
Email: jreid@orourkereid.com

This document is for information purposes only and does not purport to represent legal advice.  
© O’Rourke Reid 2019