Skip to Content
Computing

British Airways hack could provoke the wrath of the GDPR

September 7, 2018

A hack of the airline’s system left hundreds of thousands of passengers’ financial information exposed, and a big fine could follow.

The news: Sometime between August 21 and September 5, more than 380,000 customer transactions on the British Airways website were compromised by hackers. The company began notifying those affected yesterday.

The law of the land: The EU’s newly minted General Data Protection Regulation requires that companies take precautions to protect customer data and notify authorities of any breaches within 72 hours.

The penalty: If it’s determined that British Airways didn’t do enough to protect consumer information, it could be facing a fine of up to 4 percent of its annual revenue (that works out to about 500 million pounds). That is a big “if,” though. Even well-protected companies can be hacked, so the mere fact that the data was compromised doesn’t mean the company is at fault. In the meantime, the company’s CEO has promised to compensate any customers financially affected by the hack.

Why it matters: This timing of this hack isn’t great for British Airways. This is one of the first major data breaches since the new regulations went into effect. Regulators may see this as an opportunity to make an example of the company to show they are serious about enforcing GDPR. As Julian Saunders, founder of Port.im, a British software maker that helps companies comply with GDPR, told Bloomberg, “At some point a line needs to be drawn and this might be the best time to do it.”

Deep Dive

Computing

Erik Prince wants to sell you a “secure” smartphone that’s too good to be true

MIT Technology Review obtained Prince’s investor presentation for the “RedPill Phone,” which promises more than it could possibly deliver.

Corruption is sending shock waves through China’s chipmaking industry

The arrests of several top semiconductor fund executives could force the government to rethink how it invests in the sector.

Inside the software that will become the next battle front in US-China chip war

The US has moved to restrict export of EDA software. What is it, and how will the move affect China?

Hackers linked to China have been targeting human rights groups for years

In a new report shared exclusively with MIT Technology Review, researchers expose a cyber-espionage campaign on “a tight budget” that proves simple can still be effective.

Stay connected

Illustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at customer-service@technologyreview.com with a list of newsletters you’d like to receive.