British Airways has been fined £20 million by the Information Commissioner’s Office (ICO) for a data breach which affected over 400,000 customers.
The ICO had originally indicated that BA could be facing a fine of around £180 million. That said, the £20 million fine is the biggest penalty issued by the ICO to date.
The breach, which took place in 2018, affected both credit card and personal data. Customers were redirected to a fraudulent site, but BA only discovered the problem two months after the incident, through a security researcher.
A post-breach investigation found that BA did not use multi-factor authentication, even though some such measures were available on the operating system it was using at the time.