Further to the theft of customer data from British Airways’ website, disclosed on 6 September 2018 and 25 October 2018, British Airways has been notified by the UK Information Commissioner’s Office (ICO) that it intends to issue the airline with a penalty notice under the UK Data Protection Act. The ICO has indicated that it proposes to impose a penalty of £183,390,000 (1.5 per cent of British Airways’ worldwide turnover for the financial year ended 31 December 2017).

Alex Cruz, British Airways chairman and chief executive, said:

– We are surprised and disappointed in this initial finding from the ICO”.

– British Airways responded quickly to a criminal act to steal customers’ data. We have found no evidence of fraud/fraudulent activity on accounts linked to the theft”.

– We apologise to our customers for any inconvenience this event caused.”

Willie Walsh, International Airlines Group chief executive said:

– British Airways will be making representations to the ICO in relation to the proposed fine. We intend to take all appropriate steps to defend the airline’s position vigorously, including making any necessary appeals.”