On October 16, 2020, the United Kingdom Information Commissioner’s Office (ICO) announced that British Airways would be fined £20 million, or nearly $26.8 million dollars, for failing to implement proper data breach protection and data security measures.
An ICO investigation uncovered that British Airways unintentionally disclosed the personal and financial information of 429,612 customers and staff in a 2018 data breach to the airline’s website, including names, addresses, payment card numbers, and CVV numbers.