British Airways was dealt another blow recently following their 2018 data breach. The High Court ruled that customers affected in the breach are now able to pursue legal action against the company. The British airline giant can now add lawsuits with up to 500,000 customers to their growing list of post-breach consequences in addition to the record fine of £183 million issued by the Information Commissioner’s Office (ICO) earlier this year.
British Airways suffered the massive data breach in August of last year, compromising data of over half a million customers. Poor data security practices enabled hackers to divert customers to a fraudulent site and steal their personal information such as names, addresses, login information, card numbers, expiry dates and even three-digit CVV codes. The breach occurred over the course of a two-week period. As with most data breaches where the consumer’s sensitive information is compromised, British Airways saw an immediate consequence upon announcing the news in the form of damage to their reputation and a 4% drop in the value of the shares of their parent company. According to a PCI Pal survey, 83% of US consumers, 44% of UK consumers, 43% of Australians and 53% of Canadians will stop spending with a business for several months in the immediate aftermath of a security breach or a hack, which in the airline’s case means a significant decrease in revenue.
On top of losing existing and potential customers, the British airline was fined a record amount of £183 million in July of this year, which amounts to 1.5% of the company’s global turnover. The introduction of the EU’s GDPR meant a significant increase in data breach related fines, from a maximum of £500,000 to a maximum of 4% of the organization’s global turnover.
Paying the record fine does not mean the airline is in the clear, as it will also have to deal with significant financial repercussions following the class action lawsuits from affected customers. Another item to add to the list of potential repercussions from poor data security practices.
With data breaches still on the increase and regulations stricter than ever before, companies should make data security and compliance their main priority. Rather than trying to keep the hackers out, businesses should be focusing on encrypting what data they have and where and ensuring there’s no data for hackers to steal in the first place.
Download our eBook to learn more about maximising security in your contact center environment.