IAG, owners of BA, Aer Lingus, Vueling & Iberia, announced small profits of around €70m for the past quarter, only to see them evaporate on Monday morning when British Airways was fined nearly £185m ($232m/€207m).
The fine was imposed by the UK Data Commission, under new powers giving it the right to fine companies that fail to protect customer data. The amount is based on a percentage of the Group's overall turnover.
Last year BA had its website and app data raided by hackers who stole names, dates of birth, emails and credit card data on 500,000 customers around the world.
While BA was relatively quick to warn people, taking around a week to identify the problem, the fact its relatively new system was so easily breached didn’t impress regulators.
The airline industry is relatively pathetic at protecting data.
Airlines I use regularly vary greatly. British Airways account access is, in my opinion, simple and easy to use but pathetically weak when it comes to passwords and security. Lufthansa is better by some margin; KLM is reasonable but not outstanding. Virgin Atlantic, who used Delta’s underlying framework, is better than it was but far too simple: for example, it can’t manage a password of more than 8 letters and numbers, and no special characters.
The only airline I’ve come across that uses two-factor authentication is Finnair.
If the underlying frameworks of these airlines are as uncomplicated as their customer-facing end – and it seems to follow that’s mostly true – it’s amazing more haven’t been seriously compromised. Then again, maybe they have but aren’t saying.
In any event, it’s a sharp warning to airlines and UK business in general – that such breaches won’t be free of penalties.