British Airways
British Airways logos are seen on tailfins at Heathrow Airport in west London (Photo: Reuters / Toby Melville)

European Union regulators have just issued a record-breaking fine against the UK's flag carrier, British Airways.

The $230 million fine slapped on the company is under Europe's new tougher data privacy law. The airline was previously under the investigation of EU regulators after it had failed to address an error in its website that compromised the personal information of more than 500,000 of its customers.

The fine imposed on British Airways is the largest penalty ever given under the EU's revised privacy rule called the General Data Protection Regulation. The particular privacy regulation was enacted last year and is aimed at protecting the data and privacy of individual citizens in the EU. The regulation also addresses concerns over the export of personal data outside of the EU.

Under the General Data Protection Regulation, companies are held responsible for the safekeeping of customer data they collect, process, and store. Establishments that operate within the European Union, even if they are based in other countries, are subject to the regulations. Companies found to be breaking the rules are subject to a maximum fine equal to 4 percent of their annual revenues.  

According to the UK Information Commissioner's Office, British Airway's digital security was simply too weak to protect it from being hacked. A hacker or a group of hackers reportedly managed to access the company's website and diverted traffic that was coming to it into a fraudulent page.

The hack reportedly happened more than a year ago, on June 2018. British Airways was apparently not able to immediately detect that its website was being hacked or that traffic was being rerouted.

The company only reported the incident to authorities in September of last year. The breach resulted in the compromise of the personal data of hundreds of thousands of its customers. Hackers were reportedly able to gather sensitive data of British Airways customers including their login details, payment cards, and their booking details.

While a $230 million fine may sound significant, it actually only equates to around 1.5 percent of the airline's annual revenue.

The carrier mentioned in response to the regulator's announcement that it was going to be fighting the penalty. EU regulators had mentioned that they would be giving the airline a chance to contest the penalty.

British Airways CEO Alex Cruz mentioned in a statement that he was very disappointed in the findings of the regulator and of its proposed fine. Cruz explained that the company did respond very quickly to the incident that there have not been any reports to theft linked to the stolen customer data.