ICO fines surge by 1580% in 2020 – 2021

The Information Commissioner’s Office (ICO) issued penalty notices totalling £42m during 2020 – 2021, an increase of 1580% in fines compared to the previous financial year. Among the recipients of the biggest fines are British Airways, which received a £20m fine due to deficient technical and organisational measures, and Marriott International, which received an £18.4m fine over a data breach.

Read More on Infosecurity Magazine

British Airways has settled a 2018 data breach

British Airways suffered a data breach in 2018, when 420,000 of its staff and customers were victims of a personal information leak. The case has just been settled, and victims are expected to receive confidential compensation after mediation.

Read more about this on Reuters

British Airways Plans £3bn Breach Settlement

The UK's flag-carrier airline is said to be planning to begin settlement discussions that could see customers who became the victims of a data breach receive a compensation payout of up to £3bn.  

Exemplary cooperation between European data protection authorities, CNIL underlines

CNIL, the French DPA, comments on the recent fines issued by the UK DPA (the ICO) against Marriott and British Airways which are, so far, the highest fines ever issued for GDPR violations. The CNIL underlines on its website that in application of the cooperation mechanism provided for by the GDPR, the “one-stop shop”, the ICO draft decisions were sent to other European data protection authorities and hence were carefully examined by the CNIL.

The French DPA approved the draft decisions both in terms of the shortcomings retained and the amounts of the fines proposed. In particular, it considered that these substantial amounts were proportionate in view of the seriousness of the breaches observed.

The "one-stop-shop" thus makes it possible to reach major decisions with regard to processing operations implemented at European level, by implementing the mechanisms provided for in the GDPR.

ICO fines British Airways £20m for data breach affecting more than 400,000 customers

The website of the Information Commissioner’s Office (ICO) reports that the Authority has fined British Airways (BA) £20m for failing to protect the personal and financial details of more than 400,000 of its customers.

An ICO investigation found the airline was processing a significant amount of personal data without adequate security measures in place. This failure broke data protection law and, subsequently, BA was the subject of a cyber-attack during 2018, which it did not detect for more than two months.

ICO investigators found BA ought to have identified weaknesses in its security and resolved them with security measures that were available at the time.

Addressing these security issues would have prevented the 2018 cyber-attack being carried out in this way, investigators concluded.

British Airways may have another security problem already

One month after being hit with the ICO's intention to issue a huge fine over a data breach, British Airways has another security hole that could leave customers' private information exposed to hackers, according to new research.

ICO statement: Intention to fine British Airways £183.39m under GDPR for data breach

Following an extensive investigation, the ICO has issued a notice of its intention to fine British Airways £183.39m for infringements of the General Data Protection Regulation (GDPR).
