BRITISH Airways could challenge the record fine of more than £183 million it is facing over a customer data breach.
The airline’s chief executive Alex Cruz said he was “surprised and disappointed” by the penalty from the Information Commissioner’s Office.
Personal data relating to around half a million passengers was compromised during the hacking incident, according to the ICO.
The firm said it will be "making representations" to the commissioner.
A spokesman for the watchdog said the proposed £183.4m fine would be the largest it has handed out and the first to be made public since new rules came into force.
The General Data Protection Regulation came into force in May last year and means firms can be fined up to four per cent of annual turnover for data breaches.
READ MORE: British Airways set to be fined £183m over customer data hack
British Airways’ fine would represent 1.5% of its annual turnover.
It is the largest fine issued by the ICO since it told Facebook to pay £500,000 over failures to protect user data, which was the maximum penalty at the time of the incidents.
Details of the hack - which is believed to have begun in June 2018 - were first revealed by the airline in September of that year.
The ICO’s investigation found that a variety of information was compromised by “poor security arrangements”, including log in, payment card and travel booking details as well as customers’ names and addresses.
Part of the scam involved passengers being diverted to a fake website, through which their details were harvested by the attackers.
Elizabeth Denham, the Information Commissioner, said: “People’s personal data is just that - personal.
“When an organisation fails to protect it from loss, damage or theft it is more than an inconvenience.
“That’s why the law is clear - when you are entrusted with personal data you must look after it.
“Those that don’t will face scrutiny from my office to check they have taken appropriate steps to protect fundamental privacy rights.”
READ MORE: British Airways owner reports 60% drop in profit
Mr Cruz, British Airways chairman and chief executive, said: “We are surprised and disappointed in this initial finding from the ICO.
“British Airways responded quickly to a criminal act to steal customers’ data. We have found no evidence of fraud/fraudulent activity on accounts linked to the theft.
“We apologise to our customers for any inconvenience this event caused.”
Willie Walsh, chief executive of parent company International Airlines Group, said: “British Airways will be making representations to the ICO in relation to the proposed fine.
“We intend to take all appropriate steps to defend the airline’s position vigorously, including making any necessary appeals.”
It comes at a time of challenging conditions across the European aviation sector, much of which has been brought on by Brexit, including high fuel prices and weak consumer confidence all contributing to airline woes including the failure of Flybmi, which served Scotland before it collapsed in February.
READ MORE: Glasgow airline returns to profit but warns market remains tough
Glasgow-based airline Loganair and Edinburgh-headquartered John Menzies, the air logistics firm, said earlier the aviation sector had experienced pressures.
Analyst Martin Hallmark, of Moody’s, said the move “highlights the need for increasing investment in and focus on cybersecurity management across the airline industry”. Jonathan Compton, partner at City law firm DMH Stallard, said: “the notice of intention is not a final decision.”
Shares in IAG were down as much as 1.95% in early trading on Monday, at one point hitting a low of 447.6p.
Why are you making commenting on The Herald only available to subscribers?
It should have been a safe space for informed debate, somewhere for readers to discuss issues around the biggest stories of the day, but all too often the below the line comments on most websites have become bogged down by off-topic discussions and abuse.
heraldscotland.com is tackling this problem by allowing only subscribers to comment.
We are doing this to improve the experience for our loyal readers and we believe it will reduce the ability of trolls and troublemakers, who occasionally find their way onto our site, to abuse our journalists and readers. We also hope it will help the comments section fulfil its promise as a part of Scotland's conversation with itself.
We are lucky at The Herald. We are read by an informed, educated readership who can add their knowledge and insights to our stories.
That is invaluable.
We are making the subscriber-only change to support our valued readers, who tell us they don't want the site cluttered up with irrelevant comments, untruths and abuse.
In the past, the journalist’s job was to collect and distribute information to the audience. Technology means that readers can shape a discussion. We look forward to hearing from you on heraldscotland.com
Comments & Moderation
Readers’ comments: You are personally liable for the content of any comments you upload to this website, so please act responsibly. We do not pre-moderate or monitor readers’ comments appearing on our websites, but we do post-moderate in response to complaints we receive or otherwise when a potential problem comes to our attention. You can make a complaint by using the ‘report this post’ link . We may then apply our discretion under the user terms to amend or delete comments.
Post moderation is undertaken full-time 9am-6pm on weekdays, and on a part-time basis outwith those hours.
Read the rules here