Case study: British Airways Data Breach Fine by ICO of £183.4million
ICO has announced today that after an extensive investigation it is intending to issue a fine of £184.39 million to British Airways for for infringements of the General Data Protection Regulation (GDPR).
In September 2018, British Airways has announced that there was a data breach and as many 500,000 customer records were stolen. A card skimming group called Magecart is believed to be behind the attack. The same group was involved in Ticker Master data breach. The group has exploited the scripts running on the website and used to steal the data.
What happens now? British Airways has 28 days to appeal against the decision and fight the case. I am 100% sure that they will appeal and try to reduce the fine amount. Regardless of what happens with this case the message is clear. The ICO is doing it's job and handing the fines if regulations are breached. It's time to take the security and privacy seriously in your organisation.
The GDPR fines are either 4% of the global turnover or £20Million whichever is the highest. For most of us, £20million fine would put us straight out of the business. Would you like to be known as the person that put your company out of business because you didn't take security seriously?
The best time to plant security is at the start and the second best time is now. Start today, look at what assets you have, classify them, assess the risk and start taking steps to minimise the risk. For most businesses Cyber Essentials, Cyber security policy, multi factor authentication, User education can be very good starting point and quick wins.
Get in touch if you need help.
A new Windows vulnerability actively exploited using phishing attacks
Early this month Microsoft has published a note on a critical vulnerability that allows attackers to fully gain access to the user device known as MSHTML remote code execution and CVE-2021-4...More
A look back at some recent major cyber breaches from the last few months - TRAVELEX
Cyber criminals demanded £4.6 million ($6 million) in ransom from Travelex after infecting its network with Sodinokibi ransomware,More
More than a third of Scottish businesses missing out on Cyber Essentials benefits
More than a third – 38% – of businesses in Scotland feel unprepared to deal with the impact of a cyber attack on their organisation, despite 66% believing that the issue of cyber securityMore
Panel Talk - Building cyber resilience in the education sector to mitigate the risk & impact
Panel Talk - Building cyber resilience in education to mitigate the risk & impact of cyber disruptions with early detection & quick recoveryMore
FOR LATEST UPDATES SUBSCRIBE HERE: