BA may pay only £20m for data breach
BRITISH AIRWAYS expects the £183m fine for breaching data rules to be written down by almost 90pc.
The Information Commissioner’s Office signalled its intention to fine the airline in July last year after hundreds of thousands of customers’ financial details were stolen during a cyberattack in 2018. The ICO said the airline was compromised by “poor security arrangements” when it unveiled the penalty – one of the first of its kind following the introduction of the GDPR rules.
BA expects the fine to be reduced considerably, a statement included in the interim results of parent company IAG said on Friday.
IAG said there had been an exceptional expense of €22m (£20.1m) set aside in relation to the “theft of customer data at British Airways
in 2018”. The company said it was management’s “best estimate” of the amount of “any penalty issued by the ICO” and that the process was “ongoing”.
Judy Krieg, privacy partner at law firm Fieldfisher, said the figure did not “come out of thin air”.
An ICO spokesman said: “The regulatory process is ongoing and we will not be commenting until it has concluded.”