If you wait for them, the big General Data Protection Regulation (GDPR) fines will come.

The UK data protection authority, the ICO, announced its intent to fine British Airways 183 million GBP (1.5 percent of annual revenue) for a data breach in violation of GDPR.

The proposed fine relates to a cyber incident of which the ICO was notified by British Airways in September 2018.

This incident in part involved user traffic to the British Airways website being diverted to a fraudulent site. Through this false site, customer details were harvested by the attackers. Personal data of approximately 500,000 customers was compromised in this incident. Information included login, payment card and travel booking details as well as name and address information. British Airways has cooperated with the ICO investigation and has made improvements to its security arrangements since these events came to light.

Read the ICO’s official announcement.

I discussed the fine with Hannah Denham of The Washington Post.