The Cost Of A Data Breach

If a company is keen to lose money fast, one of the best ways of doing it in today’s world seems to be to breach the rules on how customer data is looked after.

This is shown by the fines imposed recently on corporations that have suffered cyber breaches involving customer information or that have otherwise fallen foul of data regulators.

For example, in July the Information Commissioner’s Office (ICO) in the United Kingdom fined British Airways (BA) £183.39 million (Dh839.55 million) after the data of about half a million of the airline’s customers was stolen. The violation began in June 2018 and involved traffic on BA’s website being channelled into a fraudulent site.

On levying the fine for the breach of the EU’s General Data Protection Regulation (GDPR), the UK’s information commissioner, Elizabeth Denham, was uncompromising in her comments.

When an organisation fails to protect customer data, she said in a statement, the consequences are “more than an inconvenience”.

“That’s why the law is clear – when you are entrusted with personal data, you must look after it,” Denham added.

BA was not the only corporation that Denham slapped with a heavy fine in July. That month the ICO announced that the hotel group Marriott International would have to pay £99.2 million (Dh454.24 million) after losing control of 339 million guest records.

Significant though these two fines from the ICO were, they were dwarfed by a pair of fines imposed in the United States in July, a month that demonstrated unequivocally the determination of authorities to get tough with data breaches.

The Atlanta-headquartered credit reporting agency Equifax agreed to pay $700 million (Dh2.57 billion) in fines for a data breach in 2017 that saw the records of 145 million customers compromised.