British Airways is facing a fine of around £183m for allowing the personal data of its passengers to be scammed out of users attempting to use its network, with the Information Commissioner's Office accusing the airline of running a poor security shop.
BA's being done under the legalese of the General Data Protection Regulation rules, although the hack itself was of the classic old redirection variety; users were phished-off to a fake BA site where they handed over their login data. This allowed the vaping bad people hunched over their Alienware laptops to harvest the personal data of a staggering 500,000 BA customers, with the haul including their payment card details, travel plans, names and addresses. The hack is thought to have started in June of 2018, with BA finding out and notifying authorities in September.
The airline has a chance to make representations to the ICO in mitigation, although it'll have to be one hell of an excuse and convincing bit of apologising and never-happening-again-ism to fend off the pending £183.39m fine. [ICO via Guardian]