Britain’s tidings commissioner has fined British Airways 20 million pounds ($25 million) for imperfection to protect personal data for some 400,000 customers, the largest gossamer the agency has ever issued.
The ICO said in a statement Friday that the airline was organizing personal data without adequate security measures. It also respected that it did not detect a 2018 cyber attack for two months.
Information Commissioner Elizabeth Denham said says BA’s “incompetent to act was unacceptable and affected hundreds of thousands of people, which may have caused some nervousness and distress as a result.”
Under the European Union’s General Data Refuge Rules imposed in 2018, organizations face fines of up to 20 million euros ($23 million) or 4% of annual broad turnover — whichever is greater — for the most serious violations.
Related: Previous Contractor Sentenced to Prison for Hacking British Airline Jet2
Related: British Airways Facings $230 Million Fine for 2018 Breach
Related: British Airways Judged for Exposing Passenger Flight Details
Related: British Airways, Another Casualty of Ongoing Magecart Attacks