Level 2

IAG's British Airways faces ?183m data breach penalty

By Duncan Ferris

Date: Monday 08 Jul 2019

IAG's British Airways faces ?183m data breach penalty

(Sharecast News) - IAG confirmed on Monday that its British Airways airline faces a proposed penalty notice of £183.4m from the UK Information Commissioner's Office (ICO) due to the theft of customer data from its website last year.

The proposed penalty, which represents 1.5% of British Airways' worldwide turnover for the financial year ended 31 December 2017, is related to data theft disclosed by the company on 6 September 2018 and 25 October 2018.

The data breaches saw hackers make away with data belonging to 429,000 British Airways online customers. The information included card numbers, expiry dates and CVV codes.

Alex Cruz, British Airways chairman and chief executive, said: "We are surprised and disappointed in this initial finding from the ICO. British Airways responded quickly to a criminal act to steal customers' data. We have found no evidence of fraud/fraudulent activity on accounts linked to the theft. We apologise to our customers for any inconvenience this event caused."

Willie Walsh, group chief executive of IAG, said the group intends to defend the airline's position "vigorously", including making any necessary appeals.

George Salmon, equity analyst at Hargreaves Lansdown, said: "£183m will make a pretty big dent in next year's numbers, but IAG should be able to withstand its impact as it's less than 10% of expected net profits and could yet be reduced on appeal. However, further breaches could be more costly. The ICO has the power to impose fines of as much as 4% of a business' revenue - which would have been close to £500m in this case."

IAG shares were down 1.01% at 451.90p at 0948 BST.


Email this article to a friend

or share it with one of these popular networks:

Top of Page