British Airways is facing a record fine of £183.39m for last year's breach of its security systems.
After detail reviews and investigations by the Information Commissioners Office, British Airways are facing a fine of £183m for security breaches. British Airways, owned by IAG, in reviewing the case brought by the ICO says it is "surprised and disappointed" by the penalty being put forward.
At the time of the breach, BA said hackers had carried out a "sophisticated, malicious criminal attack" on its website.
The ICO said it was the biggest penalty it had handed out under the General Data Protection Regulations and the first to be made public under new rules
The ICO said the incident took place after users of British Airways' website were diverted to a fraudulent site. Through this false site, details of about 500,000 customers were harvested by the attackers, the ICO said.
Information Commissioner Elizabeth Denham said: "People's personal data is just that - personal. When an organisation fails to protect it from loss, damage or theft, it is more than an inconvenience.
"That's why the law is clear - when you are entrusted with personal data, you must look after it. Those that don't will face scrutiny from my office to check they have taken appropriate steps to protect fundamental privacy rights."
The incident was first disclosed on 6 September 2018 and BA had initially said approximately 380,000 transactions were affected, but the stolen data did not include travel or passport details. The ICO however will consider carefully the representations made by the company and the other concerned data protection authorities before it takes its final decision.
Details of the investigation can be found here