Case study: British Airways Data Breach Fine by ICO of £183.4 million
The ICO has announced today that, after an extensive investigation, it intends to fine British Airways £184.39 million for infringements of the General Data Protection Regulation (GDPR).
In September 2018, British Airways announced that there had been a data breach and that as many as 500,000 customer records were stolen. A card skimming group called Magecart is believed to be behind the attack. The same group was involved in the Ticketmaster data breach. The group exploited scripts running on the website and used them to steal the data.
What happens now? British Airways has 28 days to appeal against the decision and fight the case. I am 100% sure that they will appeal and try to reduce the fine amount. Regardless of what happens with this case, the message is clear. The ICO is doing its job and handing out fines if regulations are breached. It's time to take security and privacy seriously in your organisation.
GDPR fines are either 4% of global turnover or £20 million, whichever is the highest. For most of us, a £20 million fine would put us straight out of business. Would you like to be known as the person who put your company out of business because you didn't take security seriously?
The best time to plant security is at the start and the second best time is now. Start today: look at what assets you have, classify them, assess the risk and start taking steps to minimise it. For most businesses, Cyber Essentials, a cyber security policy, multi-factor authentication and user education can be a very good starting point and quick wins.
Get in touch if you need help.