Just a few days ago, I wrote about the major C-Level Execs in the United Kingdom are still negligent about knowing if their firm has Cyber security insurance or not, and if they do have it, to what degree the coverage is. Today, we visit the United Kingdom once again, but this time, it is their famous airline that is in trouble: British Airways.
According to the airline, the security breach occurred between August 21st and September 5th of this year, thus making it a very recent Cyber attack. Apparently, a serious data breach has exposed the personal and financial details of hundreds of thousands customers. Those who have purchased tickets on the airline’s website or via the British Airways mobile application are the ones that are affected by the breach.
Specifically, there have been well over 380,000 credit cards that were hijacked, but interestingly enough, there were no passport information or travel details stolen by the Cyber attacker(s). Now, the airline is saying that this Security breach has been resolved, but they have offered up no details as to how exactly it has been solved.
The only items that British Airways has revealed is that it has notified the local authorities; forensics investigators are working on the case; and that all affected customers have been notified.
They have also advised customers to contact their financial institution to see how the damage can be mitigated and if they can be compensated for their loss; and that also they should reset their password(s) to a much longer, and more complex one.
In response to this massive Security breach, the airline now faces a very stiff fine of up to $1 Billion, some of the heftiest that I have seen yet for any airline. I have seen some big ones for US airlines, but nothing to this extent. But keep in mind, that with the recent passage of privacy laws in the European Union, the fines imposed can be much harsher.
For example, it can range anywhere from hundreds of millions of pounds to even 4% of the net profit of British Airways. If this is indeed imposed, it can take a big financial toll on the airline. But, there is a cap, or limit on the former, and this is right now at 919 Million Pounds which is well over $1.1 Trillion!!! WOW!!!
There are people who could lose their jobs as well because of this, namely CEO Alex Cruz by stating that “My focus right now is the people that have been affected”. (SOURCE: https://www.telegraph.co.uk/business/2018/09/07/british-airways-cyber-attack-fine-could-hit-1bn/).
But on the good news side of it all, if there is any is that the total number of customers is not expected to rise any further. According to the airline, they have through every passenger booking and confirmed that the total number of would not rise any further.
In terms of the fines though, it is expected that British Airways could face a maximum of just 500 Million Pounds, which is about $64 Million, which is still a serious financial blow.
But here is where things can get tricky. British Airways actually owns other airlines, which includes the likes of the following:
So this means that British Airways is also a holding company, and if the UK government really wanted to set an example, they could charge up to 4% of the net profit of each of the above mentioned airlines and ram that in front of the nose of British Airways.
My thoughts on this?
It is very unlikely that British Airways will face fines in the billions, but probably more likely in the millions of Pounds, as just described. This is the first major Security breach that has impacted the airline in well over 23 years, and thus, it is quite likely that this will be taken into account when calculating the exact penalties. The reason for this is that the airline was quick to notify customers as well as law enforcement officials.
The airline will probably also have to pay compensation to the affected customers, but it has been mentioned that their Cyber security insurance policy would more than likely take care of this aspect.
I have never flown British Airways myself, but I have always heard good things about the airline. I have been through Heathrow a few times on my way to India, and was actually quite surprised by the level of Security that they have.
Whatever happens in the end penalty wise to the airline, hopefully it will serve as a model for the entire transportation industry here in the United States, where Security still remains at its worst levels ever.