You’re worth about £50 each

By | Category: Travel rumblings

It was just about £50 per person that the Information Commissioner’s Office (ICO) settled on when the British Airways database was breached and customer records were accessed.

tal fins of British Airways planes
BA pays a fine but what compensation do passengers get?

Originally the fine that was levied on British Airways was £183 million but, in the mind, the commissioner settled on less than a ninth of that sum.

Why so little?

Because the ICO took into account the effect of the pandemic.

When the fine was issued in July of last year, it was thought that up to 500,000 records had been hacked. The thinking now is that 429,612 records might have been accessed although it looks as though the real figure will remain unknown.

As I wrote last year, travel companies employ some of the most sophisticated back office systems to handle their bookings and yet BA was still attacked successfully.

It now transpires from the ICO investigation that BA’s systems weren’t as sophisticated as they might have been or at least the software governing people’s private records weren’t.

According to the ICO, British Airways could have better protected its customer records by

  • “limiting access to applications, data and tools to only that which are required to fulfil a user’s role
  • undertaking rigorous testing, in the form of simulating a cyber-attack, on the business’ systems;
  • protecting employee and third party accounts with multi-factor authentication.”

It further pointed out that “none of these measures would have entailed excessive cost or technical barriers.” 

So why didn’t the IT boffins at BA implement such ideas? We’ll probably never find out

We do know where the fine goes. It goes to the UK government’s Treasury Consolidated Fund. Why – as I queried last year – does some or all of the £20 million not go to the 429,612 people that have been inconvenienced?

Do passengers have to resort to litigation to get some compensation? Why can’t the rulings about data breaches always include a compensation sum for the people affected?

If you enjoyed this post, please consider subscribing to the RSS feed to have future articles delivered to your feed reader.
Tags: , ,