Back in September 2018, British Airways announced that they had been the victim of a cyber-attack, which saw hackers skim data of over 380,000 individuals through their website and mobile application.
Now, in November, British Airways owner IAG has followed up their announcement by saying that the “hackers may have stolen additional personal data”. BA believes that the card payment details of an additional 185,000 people have been stolen, and is contacting two groups of customers who were not previously notified of the breach.
The additional 185,000 affected by the attack include 77,000 card payment holders whose name, billing address, email address and card payment details were compromised, including their card number, expiry date and CVV (Card Verification Value), the 3-digit number on the back of the card. The remaining 108,000 also had their personal information stolen, apart from their CVV number.
Those affected by this data breach were customers who made a reward booking using a payment card between April 21st and July 28th 2018.
This data breach has resulted in BA facing a fine of approximately £500 million, with the ICO now investigating the attack.
Under GDPR (General Data Protection Regulation), less severe breaches can result in a maximum monetary penalty of €10 million, or 2% of a company’s annual revenue, whichever is more. In more severe cases, the maximum fine is €20 million, or 4% of a company’s annual revenue.
If you handle the personal data of your customers, it’s vital that your business is GDPR compliant. If you need help in becoming GDPR compliant, Ghost IT will help you achieve compliance, and will improve the way that you handle your customers’ PII (Personally Identifiable Information).
We are data protection experts here at Ghost, and have already helped hundreds of organisations achieve compliance. We can offer Consultancy, Assessment and Compliance services to ensure that you avoid a hefty fine for being non-compliant.
For more information on how to take your first steps towards GDPR compliance, get in touch with Ghost IT on 01708 390 370 and speak with one of our data security professionals. Alternatively, you can find out more by visiting our GDPR compliance page.