In the Wake of the British Airways £3bn Breach Settlement: How Secure is Your Company Data?

In 2018, British Airways was at the centre of some very bad publicity, when it was discovered that two data breaches had occurred, compromising the personal information and financial details of thousands of customers.

The first incident involved around 185,000 reward-booking customers, while the second breach affected 380,000 users of the BA website and app. As well as personal details such as names, addresses and email addresses, the breach included the compromise of payment card information, including numbers, expiry dates and even the CCV code.

As you can imagine, one breach on this scale is bad but two within a few months of each other is even worse and the Information Commissioner’s Office (ICO) promptly took action by starting an investigation into the breach incidents. The issue related to the website and app was determined to be the result of a hacker setting up a fake website purporting to be the official British Airways website, diverting the user from the company website to the fake one.

The ICO concluded that British Airways was processing a significant amount of data without adequate security measures in place. The consequence of their findings was that they issued a notice of intention to fine BA to the sum of £183m, which was a record fine for a breach. However, following an appeal and further legal discussions, the penalty was later reduced to a £20m fine.

BA now facing a compensation settlement

As well as being required to pay the fine issued by the ICO, British Airways must now also face up to the possibility of compensating the affected customers. Any customer who has incurred damages as a result of one of the breaches may be entitled to claim for compensation from BA and according to several sources, the airline company could be looking at paying out up to £3bn in compensation.

According to the steering group of lawyers, British Airways have outlined their intentions of settling the claims in the first quarter of 2021. Some law firms are anticipating that affected customers are likely to receive compensation payouts of up to £16,000 in the most extremely affected cases, with the average payment being closer to £2,000. Many law companies are already canvassing to find breach victims who they can help to pursue compensation on behalf of.

BA is currently denying liability and it will come down to a judge to decide whether BA is, in fact, liable to the claimants, so once the court case has been settled, this could be the biggest ever data breach compensation settlement.

The importance of protecting data

Companies around the world will be eagerly awaiting the outcome of the case, with many other businesses around the world being subjected to similar hacking incidents. This is a growing threat for companies of all sizes, with cybercriminals more recently taking advantage of the opportunities that the health pandemic has presented to them.

One of the opportunities that have been taken advantage of is that more people are working from home and often this means that their security measures are easier to compromise compared to working from the office, using the company’s more secure IT infrastructure.

So, one of the priorities for companies with remote workers right now should be to boost cybersecurity to keep customer and company data protected. With more work being completed over the internet, with less robust security measures, companies may be leaving themselves open to a very costly data breach. As well as the prospect of facing fines and paying out compensation, company reputations can be rocked by such incidents, as is the case with British Airways.

A wide range of different scams has been attempted with increased frequency lately, including phishing scams and identity theft, with cybercriminals seemingly getting more innovative with their approach of attacks.

Secure your data with Secure Power

At Secure Power, cybersecurity is vital to us. We ensure all of our products have been designed to incorporate the highest level of security measures. For example, the interface cards that are used in our units provide standard user authentication. It is also possible to use certification to ensure secure email communications are authenticated and encrypted, preventing interception of data while travelling over the network. The latest revision of SNMP V3 (Simple Network Management Protocol) provides authentication when connecting to the device and secure access to sensitive infrastructure information.

We have been helping businesses of all sizes to ramp up their data security to help prevent hacking and other cybercrime activities that can lead to large scale problems such as the situation with British Airways.

Speak to our team of experts and we can help you to find the best security framework to protect your business from potential data breaches.

Call us on 0114 349 3480 or request a call back by completing our online form.

The first incident involved around 185,000 reward-booking customers, while the second breach affected 380,000 users of the BA website and app. As well as personal details such as names, addresses and email addresses, the breach included the compromise of payment card information, including numbers, expiry dates and even the CCV code.

As you can imagine, one breach on this scale is bad but two within a few months of each other is even worse and the Information Commissioner’s Office (ICO) promptly took action by starting an investigation into the breach incidents. The issue related to the website and app was determined to be the result of a hacker setting up a fake website purporting to be the official British Airways website, diverting the user from the company website to the fake one.

The ICO concluded that British Airways was processing a significant amount of data without adequate security measures in place. The consequence of their findings was that they issued a notice of intention to fine BA to the sum of £183m, which was a record fine for a breach. However, following an appeal and further legal discussions, the penalty was later reduced to a £20m fine.

BA now facing a compensation settlement

As well as being required to pay the fine issued by the ICO, British Airways must now also face up to the possibility of compensating the affected customers. Any customer who has incurred damages as a result of one of the breaches may be entitled to claim for compensation from BA and according to several sources, the airline company could be looking at paying out up to £3bn in compensation.

According to the steering group of lawyers, British Airways have outlined their intentions of settling the claims in the first quarter of 2021. Some law firms are anticipating that affected customers are likely to receive compensation payouts of up to £16,000 in the most extremely affected cases, with the average payment being closer to £2,000. Many law companies are already canvassing to find breach victims who they can help to pursue compensation on behalf of.

BA is currently denying liability and it will come down to a judge to decide whether BA is, in fact, liable to the claimants, so once the court case has been settled, this could be the biggest ever data breach compensation settlement.

The importance of protecting data

Companies around the world will be eagerly awaiting the outcome of the case, with many other businesses around the world being subjected to similar hacking incidents. This is a growing threat for companies of all sizes, with cybercriminals more recently taking advantage of the opportunities that the health pandemic has presented to them.

One of the opportunities that have been taken advantage of is that more people are working from home and often this means that their security measures are easier to compromise compared to working from the office, using the company’s more secure IT infrastructure.

So, one of the priorities for companies with remote workers right now should be to boost cybersecurity to keep customer and company data protected. With more work being completed over the internet, with less robust security measures, companies may be leaving themselves open to a very costly data breach. As well as the prospect of facing fines and paying out compensation, company reputations can be rocked by such incidents, as is the case with British Airways.

A wide range of different scams has been attempted with increased frequency lately, including phishing scams and identity theft, with cybercriminals seemingly getting more innovative with their approach of attacks.

Secure your data with Secure Power

At Secure Power, cybersecurity is vital to us. We ensure all of our products have been designed to incorporate the highest level of security measures. For example, the interface cards that are used in our units provide standard user authentication. It is also possible to use certification to ensure secure email communications are authenticated and encrypted, preventing interception of data while travelling over the network. The latest revision of SNMP V3 (Simple Network Management Protocol) provides authentication when connecting to the device and secure access to sensitive infrastructure information.

We have been helping businesses of all sizes to ramp up their data security to help prevent hacking and other cybercrime activities that can lead to large scale problems such as the situation with British Airways.

Speak to our team of experts and we can help you to find the best security framework to protect your business from potential data breaches.

Call us on 0114 349 3480 or request a call back by completing our online form.