We use cookies to collect and analyse information on site performance and usage to improve and customise your experience, where applicable. View our Cookies Policy. Click Accept and continue to use our website or Manage to review and update your preferences.

Strictly necessary cookies

Cookie name Duration Cookie purpose
ASP.NET_SessionId Session This cookie holds the current session id (OPPassessment only)
.ASPXANONYMOUS 2 Months Authentication to the site
LSI 1 Year To remember cookie preference for Law Society websites (www.lawsociety.ie, www.legalvacancies.ie, www.gazette.ie)
FTGServer 1 Hour Website content ( /CSS , /JS, /img )
_ga 2 Years Google Analytics
_gat Session Google Analytics
_git 1 Day Google Analytics
AptifyCSRFCookie Session Aptify CSRF Cookie
CSRFDefenseInDepthToken Session Aptify defence cookie
EB5Cookie Session Aptify eb5 login cookie

Functional cookies

Cookie name Duration Cookie purpose
Zendesk Local Storage Online Support
platform.twitter.com Local Storage Integrated Twitter feed

Marketing cookies

Cookie name Duration Cookie purpose
fr 3 Months Facebook Advertising - Used for Facebook Marketing
_fbp 3 months Used for facebook Marketing
Record fine for BA over data breach
Pic: Shutterstock

16 Oct 2020 / data law Print

Record fine for BA over data breach

The UK’s data watchdog has fined British Airways (BA) a record £20 million for failing to protect the personal and financial details of more than 400,000 of its customers from a cyber-attack in 2018.

An investigation by the Information Commissioner’s Office (ICO) found that the airline was processing a significant amount of personal data without adequate security measures in place.

“This failure broke data protection law and, subsequently, BA was the subject of a cyber-attack during 2018, which it did not detect for more than two months,” the ICO said in a statement.

Security weaknesses

The watchdog’s investigators found that BA ought to have identified weaknesses in its security and resolved them with security measures that were available at the time.

ICO investigators found that BA did not detect the attack on 22 June 2018 itself but was alerted by a third party more than two months afterwards.

The attacker is believed to have potentially accessed the personal data of around 429,612 customers and staff. This included names, addresses, payment card numbers and CVV numbers of 244,000 BA customers.

“Their failure to act was unacceptable and affected hundreds of thousands of people, which may have caused some anxiety and distress as a result. That’s why we have issued BA with a £20m fine – our biggest to date,” said Information Commissioner Elizabeth Denham.

Because the BA breach happened in June 2018, before the UK left the EU, the ICO investigated on behalf of all EU authorities as lead supervisory authority under the GDPR.

Gazette Desk
Gazette.ie is the daily legal news site of the Law Society of Ireland