British Airways GDPR fine for data breach

Authorities are taking cyber security seriously by issuing the largest fine for a data breach since the inception of the General Data Protection Regulation (GDPR). British Airways suffered a breach a year ago and has now been hit with a record $229 million in US dollars or £183m. This is far from the largest data breach that has occurred, but the GDPR Laws are beginning to put companies in the hot seat for mishandling consumer data.

How did the Breach Occur?

The breach was speculated to have begun in June 2018 and was discovered in September of the same year. It was the result of a fraudulent website created by what is believed to be the same group of cyber criminals that attacked Ticketmaster. Web-users were directed to a fraudulent site where they entered their financial information and other personal details in order to book a flight. As they did such, the hackers on the other end could see the data as it was being entered. Information that was taken includes:

  • Names
  • Bank card numbers
  • Expiration dates
  • Credit Card Numbers
  • CVV codes
  • Email Addresses

Roughly 500,000 people had their information collected by these hackers. British Airways claims there is no evidence that any of the information has been used to make unauthorized purchases.

Lack of Security Costs Companies More than Cash

The GDPR Laws came into existence last year and require that companies notify authorities of a data breach, create terms of agreement that consumers can clearly understand, and most detrimental to a company: heavily fine companies for not protecting personal data. This recent charge to British Airways is the largest fine that has been issued and the first to go public since the European Union created the GDPR rules.

The maximum amount of money that a company can be charged is 4% of its turnover. While British Airways was only charged 1.5% of their turnover, it still quickly adds up to a pretty penny. While they may be somewhat lucky they were not charged the maximum, with the fine going public, it could seriously harm the business’ reputation for protecting consumer’s personal information.

The Airways have 28 days to appeal the fine and the Chief Executive of IAG, who owns British Airways, says they plan to do just that. The company notified the proper authorities of the breach within 24 hours and claimed that they were the victim of a malicious criminal act.

Moving Forward in the Age of Digital Security

GDPR compliance is no joke and this fine is a warning to other businesses to increase their own cybersecurity methods. With hackers are constantly scouring the internet to expose vulnerabilities, the best solution is to keep your most sensitive information in cold storage away from the hotbed of online activity.

The hardware encrypted SecureDrives can store up to 8 TB of personal data in a secure format. The KP model can only be unlocked by entering a PIN via the wear-resistant keypad. The BT model can only be unlocked by using an app on a mobile device and can even be unlocked using biometric indicators on your Android or iOS device. With brute force anti-hacking technology, the device will be wiped clean after 10 consecutive failed password entries.

To learn more about how the SecureDrives can easily store your personal information, cryptocurrency, travel documents, and more call 1-800-875-3230.