British Airways faces record £183.39M fine for data breach

Largest intended fine on a company since GDPR came into effect.


British Airways faces a record fine of £183.39 million for a data breach which happened last year. Following an extensive investigation the Information Commissioner’s Office (ICO) has issued a notice of its intention to fine British Airways £183.39M for infringements of the General Data Protection Regulation (GDPR).

Confidential information of about 500,000 British Airways customers was harvested by hackers as a result of poor security practices by the airline.

The information leaked included people’s names, email addresses, credit card information such as credit card numbers, expiry dates and the three-digit CVV codes. The airlines also said that the stolen data did not include travel or passport details.

The ICO says that the incident was believed to have begun in June 2018, and a variety of information was “compromised” due to the poor security arrangements at the company.

british airways fine - RapidGator - British Airways faces record £183.39M fine for data breach

The ICO also says that it is the biggest penalty it has handed out and the first to be made public under the new General Data Protection Regulation (GDPR), which came into effect in May last year.

Information Commissioner Elizabeth Denham said:

“People’s personal data is just that – personal. When an organisation fails to protect it from loss, damage or theft, it is more than an inconvenience. That’s why the law is clear – when you are entrusted with personal data, you must look after it. Those that don’t will face scrutiny from my office to check they have taken appropriate steps to protect fundamental privacy rights,”

According to the ICO, British Airways has cooperated with the ICO investigation and has made improvements to its security arrangements since these events came to light. The company will now have opportunity to make representations to the ICO as to the proposed findings and sanction.

british airways fine - RapidGator - British Airways faces record £183.39M fine for data breach

At this stage the fine is merely a notice of intention by the ICO and the company will now have opportunity to make representations to the ICO as to the proposed findings and sanction. The ICO will consider carefully the representations made by the company and the other concerned data protection authorities before it takes its final decision.

The airline says it is “surprised and disappointed” by the penalty from the watchdog.

Rapid Mobile uses cookies, tokens, and other third party scripts to recognise visitors of our sites and services, remember your settings and privacy choices, and - depending on your settings and privacy choices - enable us and some key partners to collect information about you so that we can improve our services and deliver relevant ads.


By continuing to use our site or clicking Agree, you agree that Rapid Mobile and our key partners may collect data and use cookies for personalised ads and other purposes, as described more fully in our privacy policy.


You can change your settings at any time by clicking Manage Settings or by visiting our Privacy Centre for more detailed information.


Privacy Settings saved!
Cookie Services

When you visit any website, it may store or retrieve information on your browser, mostly in the form of cookies. Because we respect your right to privacy, you can choose not to allow some types of cookies. Click on the different category headings to find out more and change our default settings. However, blocking some types of cookies may impact your experience of the site and the services we are able to offer.

These cookies are necessary for the website to function and enable essential services and functonality, including identify verification, service continuity and site security. Opt out is not availabe.

Essential Session management cookies for logged in users
  • wordpress_test_cookie
  • wordpress_logged_in_
  • wordpress_sec

For perfomance reasons we use Cloudflare as a CDN network. This saves a cookie "__cfduid" to apply security settings on a per-client basis. This cookie is strictly necessary for Cloudflare's security features and cannot be turned off.
  • __cfduid

Used by Spamshield to stop spam signups
  • _wpss_h_
  • _wpss_p_

NewsWire Service
  • BIGipServerwidget2_www_http

Decline all Services
Accept all Services