Following the substantial breach of customer data announced last September, British Airways has been notified by the Information Commissioner’s Office that it will receive a record fine of £183 million – the largest since the introduction of GDPR and 1.5 percent of the airline’s 2017 total worldwide turnover.
The breach, which was disclosed in September but first started in June 2018, affected approximately 500,000 customers. Users booking through the company’s website were diverted to a fraudulent site where hackers were able to access details including credit card information, travel booking details, and more.
There are plans to appeal the ICO’s decision, but when it comes to security breaches, fines are just one of many potential consequences. Breaches can have hidden costs, too, which can have longer-term impacts on a company’s revenue. A recent survey conducted by PCI Pal of consumers in the US and UK showed that many consumers in the UK (41%) will stop spending with a brand forever following a breach, and even more (62% in the US and 44% in the UK) will stop spending with a brand for several months.
Further, how a company responds to a breach can determine how quickly it regains consumer trust – 41% of US consumers and 43% of UK consumers want companies to take responsibility and invest money in improving security efforts following a breach. Additionally, many consumers want a third party to confirm a company’s ecosystem is safe, or for the company to confirm GDPR or PCI compliance before returning as a customer.
PCI Pal’s solutions can help companies regain customer trust after a breach, or ensure your customers’ sensitive information is never at risk in the first place, by descoping your contact centre so customer information never reaches your environment. Make sure your data is secure to protect your customers, and your company, from the consequences.
If you’d like more information on where PCI compliance fits into the GDPR puzzle, take a look at our infographic.