British Airways is facing a $230 million fine after a website failure copromised the personal details of over 500,000 customers. This would be the largest penalty yet under a tough privacy rule known as the General Data Protection Regulation, which came into force last year in the European Union. It is believed that weak security allowed user traffic to be diverted from the airways website to a fraudulent page. Customer information that was compromised included travel booking details, log ins and payment cards. People believe that an organization is supposed to protect your data and failure to do so is more than an inconvenience. However, the fine is roughly 1.5% of British Airways’ annual revenue. The carrier, which is owned by IAG, said it would fight the penalty.
“We are surprised and disappointed in this initial finding,” British Airways CEO Alex Cruz said in a statement.
“British Airways responded quickly to a criminal act to steal customers’ data. We have found no evidence of fraud or fraudulent activity on accounts linked to the theft,” he added. British Airways has 28 days to appeal. It is up to individuals to claim their money from British Airways, which by the way provided no information on whether it will compensate or not. However, British Airways apologized for the inconvenience to its customers.