British Airways announced it had been notified by the UK Information Commissioner’s Office that it intends to hit the airline with the fine because of the theft of people’s data from its website.
In a statement, IAG, the parent group that owns British Airways, said the airline will be issued with a penalty notice under the UK Data Protection Act, totalling £183.39 million
The data breach, described by BA as a “sophisticated, malicious criminal attack”, had continued for almost two weeks between August 21 and September 5.
The fine is the equivalent of 1.5 per cent of BA’s worldwide turnover for the financial year ending December 31.
By the time the airline discovered the website had been hacked, around 380,000 payments had been compromised. Stolen information did not include travel or passport details.
British Airways chairman Alex Cruz said the airline was “disappointed” by the initial finding.
He said: “British Airways responded quickly to a criminal act to steal customers’ data. We have found no evidence of fraud/fraudulent activity on accounts linked to the theft.
We have found no evidence of fraud/fraudulent activity on accounts linked to the theft. ‘We apologise to our customers for any inconvenience this event caused.’ the airline said.