Further Repercussions from British Airways' Data Breach

Published on: 14th September 2018
By PYXI GDPR Team


Following the breach of 380,000 financial (credit card transaction) records from British Airways, apparently through their website being hacked, there have been many stories this week regarding the potential for seeking compensation for those who have been affected.

SPG Law have stated that they are interested in pursuing BA for financial compensation for those who've experienced "inconvenience, distress" and for the  "misuse" of their personal data. BA has already reassured customers that they will compensate customers for any financial loss.

The case highlights several factors about data security.

Firstly, even a relatively short duration breach incident can cause a massive impact on organisations and their customers. High volume websites like BA's process thousands of transactions a day. This resulted in massive data theft from a breach that is reported to have lasted only 44 days.

Secondly, a single point of failure (in this case the website appears to have had a mailcious code injected into it) can disrupt an entire businesss operation, and cause catastrophic reputational damage.

Thirdly, while the fault is not with BA (they appear to have been the target of a criminal act), it is BA that will bear the brunt of the consequences of this incident (along with the credit card companies who may also have to provide financial remedy should the card details be used illegally).

It may be that we will never discover the cause of this attack, and it is very unlikely that the perpitrators will be brough to justice, but it serves as another reminder of the importance of being prepared and taking every possible precaution to ensure that data is protected, especially online. Organisations of any size are highly advised to make sure they are aware of their cyber security risks as part of their data protection management. PYXI for GDPR can provide you with the tools to audit and record your data protection and security processes, and highlight areas of weakness. Sign up for PYXI today.

PYXI GDPR Team: 14th Sep 2018 08:05:00