Following an extensive investigation, the Information Commissioner’s Office (ICO) has issued a notice of its intention to fine British Airways £183.39 million for infringements of the General Data Protection Regulation (GDPR). As reported by Risk Xtra in great detail at the time, the proposed fine relates to a cyber incident notified to the ICO by British Airways in September 2018.
This incident in part involved user traffic to the British Airways website being diverted to a fraudulent site. Through this false site, customer details were harvested by the attackers. The personal data of approximately 500,000 customers were compromised in this incident, which is believed to have begun in June last year.