Experts Reacted On News: British Airways Fined £20m For Data Breach

Date: 2020-10-19


British Airways has been fined £20m for failing to protect the personal and financial details of more than 400,000 customers, according to Business Live. This follows an investigation by the Information Commissioner’s Office (ICO) after the airline was the subject of a cyber-attack in 2018, which it did not detect for more than two months. The attacker is believed to have potentially accessed the personal data of approximately 429,612 customers and staff, including names, addresses, payment card numbers, and CVV numbers of 244,000 BA customers. ICO investigators found that BA did not detect the attack on 22 June 2018 themselves but were alerted by a third party more than two months afterward, on 5 September. Once they became aware, BA acted promptly and notified the ICO. Although this fine is the biggest issued by the ICO to date, it is still just a fraction of the £183 million fine the organisation originally said it intended to issue in 2019.

EXPERTS COMMENTS
Piers Wilson, Head of Product Management, Huntsman Security
October 19, 2020
In a highly interconnected world, it's also not enough to have confidence in your own security.
£20m might seem a big fine and a major consequence of failing to secure data under GDPR, but it is much less than the ICO's original intended fine of £183m. Whether this was a result of clever bargaining by BA, the investigation process uncovering mitigating factors, an acknowledgment of the ravages of Covid-19 on the airline industry, or the ICO deliberately setting a high initial target with a ....
Joseph Carson, Thycotic,  Chief Security Scientist
October 19, 2020
Our job in cybersecurity is to make it difficult for criminals to protect the business and customers' data.
The recent news recording another huge ICO (Information Commissioner's Office) fine of £20m, this time against British Airways for failing to protect the personal and financial details of more than 400,000 of its customers, is another reminder to protect and secure privileged access as cybercriminals will always look to gain privileged access as it allows them to move around the network and gain acce ....
Aman Johal, Lawyer and Director,  Your Lawyers
October 19, 2020
The fact that this agreed fine is a clear admission of liability from BA now cannot be ignored.
It is concerning that British Airways has been fined just £20m after a significant climb down from the ICO’s provisional intention to fine the airline £183m following their 2018 data breach. A reduction of £163m – almost 90% - means the final fine is a drop in the ocean for BA. The fact that this agreed fine is a clear admission of liability from BA now cannot be ignored. There is now no e ....
Matt Walmsley, EMEA Director,  Vectra
October 19, 2020
All defenses are ultimately imperfect.
Attackers invariably need to seek and gain privileged access. The details of the BA attack contained in the ICO’s report should serve as a salutary yet cautionary tale for security leaders and architects. Single-factor authentication VDI remote desktop services, storage of password in plain text and hardcoding credentials in scripts aiding lateral movement and privilege escalation, and a lack o ....
Stuart Reed, UK Director,  Orange Cyberdefense
October 19, 2020
Organisations are expected to demonstrate the best security practice at all times.
While the size of the fine may be smaller than many people expected, the impact on the airline in terms of customer trust could have an even bigger impact than the financial cost. The ICO's finding that the airline was processing a significant amount of personal data without adequate security measures in place is particularly damning. Organisations are expected to demonstrate the best security practi ....
Jake Moore, Cybersecurity Specialist,  ESET
October 19, 2020
Organisations must understand they cannot get away with compromising personal data.
Fines are, without a doubt, a necessary part of the data breach chain. Organisations must understand they cannot get away with compromising personal data – which will have potentially cost customers more than this initial fine. While some organisations view these fines simply as a potentially inevitable business cost, the fine issued must represent the real cost to customers and the situation th ....
