Skip to Content
Computing

British Airways hack could provoke the wrath of the GDPR

September 7, 2018

A hack of the airline’s system left hundreds of thousands of passengers’ financial information exposed, and a big fine could follow.

The news: Sometime between August 21 and September 5, more than 380,000 customer transactions on the British Airways website were compromised by hackers. The company began notifying those affected yesterday.

The law of the land: The EU’s newly minted General Data Protection Regulation requires that companies take precautions to protect customer data and notify authorities of any breaches within 72 hours.

The penalty: If it’s determined that British Airways didn’t do enough to protect consumer information, it could be facing a fine of up to 4 percent of its annual revenue (that works out to about 500 million pounds). That is a big “if,” though. Even well-protected companies can be hacked, so the mere fact that the data was compromised doesn’t mean the company is at fault. In the meantime, the company’s CEO has promised to compensate any customers financially affected by the hack.

Why it matters: This timing of this hack isn’t great for British Airways. This is one of the first major data breaches since the new regulations went into effect. Regulators may see this as an opportunity to make an example of the company to show they are serious about enforcing GDPR. As Julian Saunders, founder of Port.im, a British software maker that helps companies comply with GDPR, told Bloomberg, “At some point a line needs to be drawn and this might be the best time to do it.”

Deep Dive

Computing

Inside the hunt for new physics at the world’s largest particle collider

The Large Hadron Collider hasn’t seen any new particles since the discovery of the Higgs boson in 2012. Here’s what researchers are trying to do about it.

Why China is betting big on chiplets

By connecting several less-advanced chips into one, Chinese companies could circumvent the sanctions set by the US government.

How Wi-Fi sensing became usable tech

After a decade of obscurity, the technology is being used to track people’s movements.

VR headsets can be hacked with an Inception-style attack

Stay connected

Illustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at customer-service@technologyreview.com with a list of newsletters you’d like to receive.