LEGAL COMMENT: British Airways cyber attack

British Airways has announced a 'sophisticated and malicious' cyber attack, where for 16 days hackers were able to retrieve customer data from both…

British Airways has announced a 'sophisticated and malicious' cyber attack, where for 16 days hackers were able to retrieve customer data from both the BA website and app. The stolen information is said to be both personal and financial information, rather than travel details or passports.

Both the National Crime Agency and Information Commissioner's Office are making enquiries.

Partner Ed Lewis believes the issue should be considered a wider reminder for businesses in their management of data in the event of a breach:

"In yet another large-scale data breach since the implementation of GDPR, it will be interesting to see how British Airways is dealt with by the ICO. However, beyond the analysis of consequences and implications of the breach itself, this incident should act as a reminder for nearly all businesses on whether they could handle the fall out should they become victim to a malicious attack.

"At the moment, most organisations structure their data in a way which makes it complicated - and sometimes impossible - to definitively find out which customers are affected and how. Current storage systems are typically not much more than huge vats of data, and as a result assisting concerned customers once a breach has happened can be a difficult if not fruitless exercise.

"The business community is getting better though, and some companies are looking to new technology to assist with not only data protection but, crucially, when things go wrong – the organisation of such data. Good firms are leading the way with the use of artificial intelligence to help their clients get a better grip on their obligations; keeping data safe and rectifying any wrongs with confidence. At Weightmans, we are already finding that our Cyber & Privacy team’s use of AI is a game changer in both the prevention and cure of such issues for our clients."

Share on Twitter