The Information Commissioner’s Office (ICO) has announced on Friday that British Airways has been fined £20m over the 2018 data hack.
The ICO investigators found that BA should have identified that weaknesses over security that enabled the hack to happen.
BA failed to protect that financial details of more than 400,000 customers, and the airline did not detect the hack for more than two months.
Information Commissioner Elizabeth Denham said, “People entrusted their personal details to BA, and BA failed to take adequate measures to keep those details secure.
“Their failure to act was unacceptable and affected hundreds of thousands of people, which may have caused some anxiety and distress as a result.
“That’s why we have issued BA with a £20 million fine – our biggest to date.
“When organisations take poor decisions around people’s personal data, that can have a real impact on people’s lives.
“The law now gives us the tools to encourage businesses to make better decisions about data, including investing in up-to-date security.”