|
| Search for Cases |
|
Case Details |
|
|
|
|
Passenger Data Breach at British Airways |
|
|
|
|
| <<Previous Page |
EXCERPTS |
|
| |
|
On September 9, 2018, BA disclosed a data breach that had exposed customer data during booking transactions on its website and mobile application between August 21 and September 5. According to the airline, the breach compromised the names, addresses, email addresses, and sensitive payment card details of the passengers. Cruz condemned the breach without releasing specific details of the cyber-attack... |
| |
 |
| or |
 |
| or |
PayPal (8 USD)
|
|
|
| |
| |
| Rowenna Fielding (Fielding), senior data protection lead at data protection consultants Protecture, said, “The security principle (of the GDPR) required ‘appropriate technical and organizational measures’ to be taken to protect the integrity and confidentiality of personal data, and that will largely be ascertained by the ‘nature, scope and context of processing’ – for payment info on a public-facing website, one would expect robust security measures to be in place, which would need to include auditing of the site, security testing, and risk assessments,”... |
| |
| |
| As of September 2019, BA intended to appeal to the ICO with the submission that the “fine was disproportionate given it had co-operated fully, and there was no evidence the stolen card information was ever used by criminals”. According to Willie Walsh, CEO of BA’s parent company IAG, “We intend to take all appropriate steps to defend the airline’s position vigorously, including making any necessary appeals.”.. |
| |
|
Exhibit I: BA’s Fleet as on July 30, 2019
Exhibit II: Destinations Covered by BA, as on July 30, 2019
Exhibit III: BA Revenues, as on December 2018 (US$ in billion)
|
| |
|
|
|
