British Airways-owner IAG is facing a record USD 230 million fine for the theft of data from 500,000 customers from its website last year under tough new data-protection rules policed by the UK’s Information Commissioner’s Office (ICO).
The ICO proposed a penalty of 183.4 million pounds, or 1.5 per cent of British Airways’ 2017 worldwide turnover, for the hack, which it said exposed poor security arrangements at the airline.
BA indicated that it planned to appeal against the fine, the product of European data protection rules, called GDPR, that came into force in 2018. They allow regulators to fine companies up to 4 per cent of their global turnover for data-protection failures.