Britain’s privacy watchdog on Monday announced its intention to fine British Airways, the country’s second-largest airline, nearly £183.4 million ($229.5 million) citing a security weakness in the airline’s website that enabled hackers to harvest the personal information of customers.
The U.K. Information Commissioner’s Office (ICO) issued a notice concerning the proposed fine citing infringements of the General Data Protection Regulation (GDPR). The incident was the result of poor security arrangements at the company, the ICO said in a statement.
“People’s personal data is just that—personal. When an organisation fails to protect it from loss, damage or theft it is more than an inconvenience,” said Information Commissioner Elizabeth Denham. “That’s why the law is clear—when you are entrusted with personal data you must look after it.”
She added: “Those that don’t will face scrutiny from my office to check they have taken appropriate steps to protect fundamental privacy rights.”
More than 500,000 customers were compromised as a result of the incident, according to British Airways. The company has advised that anyone who made bookings or changes to bookings between August 21, 2018, and September 5, 2018, may be a victim.
The airline has said names, billing addresses, email addresses, and all bank card details were at risk. No passport or travel details were stolen, it said.