IAG, the owner of British Airways could be forced to cough out about $230 million in fines after the airline lost 500,000 of its customer data last year.
A statement released earlier today by the UK’s Information Commissioner Elizabeth Denham said: “People’s personal data is just that – personal.”
“When an organization fails to protect it from loss, damage or theft it is more than an inconvenience. That’s why the law is clear – when you are entrusted with personal data you must look after it.”
BA’s chairman and chief executive Alex Cruz said he was “surprised and disappointed” by the proposed penalty.
“British Airways responded quickly to a criminal act to steal customers’ data,” he said.
“We have found no evidence of fraud/fraudulent activity on accounts linked to the theft.”
Willie Walsh, CEO of parent company IAG, said BA would be making representations to the ICO about the proposed fine.
“We intend to take all appropriate steps to defend the airline’s position vigorously, including making any necessary appeals,” he said.
The fine which is 1.5% of British Airways’ 2017 worldwide turnover for the data breach was blamed on poor security arrangements at the airline by the UK’s Information Commissioner’s Office.