(Reuters) – Britain’s data protection watchdog said on Friday it has fined IAG’s
“Their failure to act was unacceptable and affected hundreds of thousands of people, which may have caused some anxiety and distress as a result,” the Information Commissioner’s Office (ICO) said of a cyber attack the airline suffered in 2018.
IAG shares slid to session lows following the announcement. By 0917 GMT, they were 3% lower at 93.2 pence.
The regulator said it considered representations from BA and the economic impact of the coronavirus crisis on their business before setting a final penalty, which was considerably less than the 183.4 million pounds proposed last year.
The ICO said its investigators found BA should have identified weaknesses in its security and resolved them with measures available at the time, which would have prevented the cyber attack.
British Airways did not immediately respond to a Reuters request for comment.
(Reporting by Muvija M in Bengaluru; Editing by Krishna Chandra Eluri)
