The International Airlines Group (IAG) revealed today that the company it owns, British Airways (BA), faces a £183.4m ($229.7m) fine after the Information Commissioner's Office (ICO) intended to impose a penalty for the theft of customer data.
The upcoming penalty is related to the theft disclosed on 6 September 2018 and 25 October 2018. The fine is equivalent to 1.5% of BA’s worldwide turnover for the financial year ended 31 December 2017, IAG confirmed.
"We are surprised and disappointed in this initial finding from the ICO,” said Alex Cruz, chairman and CEO at British Airways.
"British Airways responded quickly to a criminal act to steal customers' data. We have found no evidence of fraud/fraudulent activity on accounts linked to the theft. We apologise to our customers for any inconvenience this event caused."
Willie Walsh, IAG CEO added:
"British Airways will be making representations to the ICO in relation to the proposed fine. We intend to take all appropriate steps to defend the airline's position vigorously, including making any necessary appeals."
Last year, BA revealed that 565,000 customers may have had personal details stolen in a data breach. It said that customers that made reward bookings using a payment card between 21 April and 28 July this year were at risk.
Details that may have been stolen include names, addresses, email addresses, card numbers, expiry dates, and card verification value (CVV) numbers.