After a summer of controversy for the UK’s transport industry, autumn begins with British Airways hitting the headlines thanks to a significant data breach. Although not deemed the greatest or most dangerous exposure of data in the 21st century, with GDPR now in full effect, life could quickly become uncomfortable for BA in the wake of the scandal.
For two weeks during late August and early September, the data of thousands of BA customers was accessed by hackers who had managed to burrow their way into the flight giant’s systems.
From approximately 380,000 customer transactions, hackers were able to harvest a treasure trove of card details (including the three-digit CVC and expiry dates) and personal information, leaving British Airways no choice but to publish guidance for those affected, detailing how they can protect their bank accounts.
Although devastating to customers – the violation of having your data stolen is one which often affects trust and causes anxiety long after the initial theft – the breach is unlikely to go down in the annals of history as a particularly critical cyberattack – especially in the face of scandals such as Ashley Madison and WannaCry.
But there’s a key difference between these attacks which could spell trouble for BA: we now live in a world where personal information is governed by GDPR, and the two-week exposure of private data could make BA the first public example of EU lawmakers flexing their new-found powers.
How GDPR Changed the Game
You may be wondering what GDPR – guidelines which seemed to heavily focus on getting us all to ‘opt-in’ to marketing emails again, and the reason we’re bombarded with privacy pop-ups when we visit a new website – has to do with cyberattacks. You’d be right to wonder, as the headlines have very much focused on the issue of consent and how the likes of Facebook and Twitter gather and process our personal information.
But beyond that and behind the scenes, GDPR also has huge implications on security. Under the reviewed guidelines, businesses have a greater responsibility to keep our data safe and have the proper measures in place to deal with a data breach.
So far, we haven’t seen a big business name publicly penalised under GDPR, though threats of class-action lawsuits and protests have been plentiful since day one. This could be about to change – with BA serving as the poster child for getting it wrong.
What Could Happen to BA?
As BA is the first big British company to run afoul of GDPR, what happens next is very much up in the air. Although the guidelines mandate that specific precautions are taken and individuals – and authorities – are informed of a breach within 72 hours of learning about it, there’s still uncertainty around whether the breach warrants a fine at all.
As Bloomberg reported in the wake of the incident, the potential consequences could see BA fined a staggering 4% of its annual sales – around £489 million according to 2017 figures. It would also earn the airline giant the dubious honour of being the first high-profile casualty of GDPR.
Breaking the Silence
Something which could either help or hinder British Airways in light of the hack is the deafening silence over other data breaches that took place this summer, as well as Google’s own time in the headlines for effectively “stalking” users with location data.
The likes of Reddit and Timehop have both seen malicious attacks on their systems since GDPR came into force, and have yet to face an EU backlash. In BA’s favour, this could signal some clemency as businesses adjust to life under the new guidelines; working against them, it could make British Airways a target to be made an example of – a fatted calf to publicly sacrifice.
Lessons to Learn
Whatever BA’s fate following the data breach, there are plenty of lessons for businesses of all shapes and sizes to take away from the situation – namely, that customer data should be prized and guarded if businesses want to avoid falling afoul of GDPR. Precautions mandated by the guidelines must be taken, and responsibility must be assumed by companies that fail to detect breaches or fail to report them within the 72-hour deadline.
If you’ve ever been in any doubt over how seriously GDPR will be taken after its inception, keep an eye on the headlines and the commentary in the weeks that follow: for British Airways, they could be life-changing.
Meanwhile, look inwards to ensure all security is up to date and you have disaster recovery plans in place to make sure you never find yourself in BA’s shoes, waiting uncertainly for a punishment that may or may not ever arrive.
Kaleida’s bespoke software solutions are built with security and functionality in mind, tailored to our clients’ individual needs. To find out more about our services, feel free to explore our website, or get in touch with our team for a free software review.