Tutti
← Back to Squawk list
British Airways Faces Massive £183 Million Fine Over Passenger Data Breach
British Airways (BA) is facing a hefty £183 million fine from the United Kingdom's Information Commissioner's Office (ICO), following the major data breach that hit the airline in 2018, where hackers accessed more than 500,000 passengers details. Alex Cruz, chairman, and chief executive of British Airways, admitted being "Surprised and Disappointed" with the action taken by the ICO. (airwaysmag.com) Altro...
Sort type: [Top] [Newest]
Interesting trend. "You had your house broken in to? Here's a fine for not having enough security. What's enough, you ask? We don't know we just want the money."
Ummm...big difference having 1's house broken into to having a data server system be hackable that contains customer info..2x. But if wr are analyzing here...house broke into in May, told to better secure to make it difficult/impossible. However, if said house was broken into a second time, in Sept., because you did not take steps to secure it better, that fine would be much higher insurance premiums. In this case, BA got hacked at least 2x.."once shame on the hackers, twice shame on BA".
What's enough to not get hacked..as much as it takes to not get hacked. And that fine really isn't that huge..it basically says the customers info is worth about 366 pounds each. Sorry but I think my personal and financial info is worth more than that.
What's enough to not get hacked..as much as it takes to not get hacked. And that fine really isn't that huge..it basically says the customers info is worth about 366 pounds each. Sorry but I think my personal and financial info is worth more than that.
I agree, but I think these fines are rather self defeating unless negligence can be proved. I've been in computer security for decades and know full well that you can follow the governments recommendations to the letter and still get hacked. If negligence can be proved - and it might be - then a fine is appropriate, but being fined for the mere fact of being a victim is not a good idea, and this is how the ICO currently seem to work - as a profit centre.
I think this says a lot thou "It is still not clear how the hackers accessed the data last year; however, the watchdog which regulates the GDPR law that came into effect last year, said that they found that the hackers were able to breach the site due to “inadequate security arrangments” from the airline." Remember BA got hacked earlier in the year, so that should have sent up a red flag to them..."find the back door NOW" Even if that meant air gapping the data server as a temporary solution. Companies should be stepping above government recommendations when it comes to data security, especially if monetary items are hacked such as CC's.
There are millions of hackers and only a few people in any security setup. Hackers can do as they like, IT departments have to obey the law. Hackers only need to succeed once, security staff need to be perfect every day. Maybe in ten years we can expect good security to be routinely applied - we're heading that way - but odds are currently loaded and in an unclear regulatory and standards environment, draconian fines are not the answer without VERY clear evidence of negligence. They may even impede communication and reporting.
The Government openly sell citizens data to all manner of companies, the CO is just a bankrolling operation for Whitehall
