Britain’s information commissioner has levied the largest fine the agency has ever issued on British Airways for failing to protect personal data for some 400,000 customers. The ICO said the airline was processing personal data without adequate security measures. It also noted that it did not detect a 2018 cyber attack for two months

Information Commissioner Elizabeth Denham said BA’s “failure to act was unacceptable and affected hundreds of thousands of people, which may have caused some anxiety and distress as a result.”

British Airways has been fined £20 ($34.26) million.
.
Under the European Union’s General Data Protection Rules imposed in 2018, organizations face fines of up to €20 ($30.98) million or 4% of annual global turnover – whichever is greater – for the most serious violations.