GDPR: Record British Airways fine shows how data protection legislation is beginning to bite
British Airways will soon have the dubious honor of becoming the first organization to receive a major fine under the European Union’s General Data Protection Regulation (GDPR) that came into effect in May of 2018. The UK’s Information Commissioner’s Office plans to slap the airline with a £183.4m fine (around $228m) over the data breach the company experienced in the summer of 2018.
The breach occurred because Magecart hackers managed to obtain access to the personal and payment card data of over 500,000 British Airways customers by compromising the company website. Magecart is an umbrella term for various criminal groups that attack web shops with the aim of injecting them with payment card skimming malware.