By John-Paul Ford Rojas, business reporter
The owner of British Airways is facing a fine of £183.4m after a data breach which saw personal details belonging to 500,000 people compromised.
The Information Commissioner's Office (ICO) has told the International Airlines Group (IAG) that BA will be penalised under the Data Protection Act, and that the fine will be equivalent to 1.5% of its worldwide turnover for 2017.
BA boss Alex Cruz said the airline was "surprised and disappointed" while IAG chief executive Willie Walsh said BA would make representations to the ICO about the scale of the fine, and could appeal it.
The record penalty is the first under tough new data protection rules that came into effect in 2018. Facebook was last year fined £500,000 by the ICO for a data breach under the old rules.
It follows the theft of customer data from BA's website, details of which were disclosed last autumn.
The ICO said the incident in part involved user traffic to the site being diverted to a fraudulent site, through which the data was "harvested" by cyber attackers.
It said personal data "of approximately 500,000 customers" was "compromised by this incident".
More from Business
The regulator said it had found a variety of information "was compromised by poor security arrangements at the company" including log in, payment card and travel booking details as well as name and address information.
Information commissioner Elizabeth Denham said: "People's personal data is just that – personal.
"When an organisation fails to protect it from loss, damage or theft it is more than an inconvenience.
"That's why the law is clear – when you are entrusted with personal data you must look after it.
"Those that don't will face scrutiny from my office to check they have taken appropriate steps to protect fundamental privacy rights."
BA first said in September that the details of 380,000 customers had been compromised in a data theft between 21 August and 5 September, after hackers targeted users of BA.com and its mobile app – though it later said a smaller number, 244,000, were affected by this breach.
In October, a further group of 185,000 customers were notified over a cyber attack targeting people making reward bookings and those who used a payment card between 21 April and 28 July last year.
BA has apologised to those affected, many of whom had to cancel their credit cards, and Read More – Source