Four months after the new General Data Protection Regulation (GDPR) became law, the UK has seen the start of its first high-profile investigation, after the Information Commissioner’s Office (ICO) announced it was looking into the British Airways (BA) data breach.
The breach, which occurred between August 21 and September 5 2018, saw BA’s security systems compromised by sophisticated hackers, leading to the loss of customer data including names, email addresses and credit card information.
The hackers also got hold of the highly sensitive CVV code, featured on the back of your credit card. BA insists it did not store this code, as storing it is prohibited under the standards laid down by the Payment Card Industry (PCI) Security Standards Council.
This has led to speculation that the hackers intercepted the information rather than directly accessing data from the BA database.
For those customers affected, it’s recommended that you change your online passwords and monitor your accounts for any unusual transactions, with BA promising to compensate anyone who suffers financially as a result of the breach.
If BA are found guilty of breaching GDPR then the ICO are within their rights to impose a fine of up to 4% of the organisation’s annual global revenue, which in this case amounts to £489 million. If such a fine is imposed, it would also act as a warning to other organisations of the need to remain compliant with the new regulations.
If you’re still confused about GDPR and what it means for you and your business, why not check out MicroLearn’s Data Protection Range which provides both a comprehensive overview of the regulations and in-depth breakdowns of key components including Lawful Basis for Processing, Individual Rights and Accountability?
Or, if like British Airways you deal with customers’ credit card information, refresh your knowledge with our new PCI DSS (Payment Card Industry Data Security Standard) course, which covers what thieves target, different types of security and how to show compliance.
As part of our Compliance Catalogue, we also offer a comprehensive Cyber Security course and a free mini-video (below), which you can share with your colleagues, so you know what to do if your organisation is threatened by a cyber-attack.
For more information about MicroLearn’s courses, or to request a free demo, email email@example.com