The Information Commissioner’s Office (ICO) imposed a fine of £20m on British Airways (BA) for failing to protect the personal and financial details (payment card details) of more than 400,000 customers.
The ICO investigation revealed that the BA had not implemented adequate security measures and as a result, could not detect a cyber-attack, which took place in 2018 until BA was made aware of the attack by a third party two months later.