British Airways, which regularly flies passengers between London and Nairobi, is facing a £500million fine over the data breach that compromised 380,000 card payments over 15 days up until Wednesday.
The Information Commissioner’s Office (ICO) said it was “making inquiries” about the breach and under new Data Protection Act regulations, the maximum penalty for a company hit with a data breach is the greater amount between a fine of either £17million or 4 per cent of its global turnover.
With BA’s total revenue being £12.2billion in 2017, the company could be facing a fine of about £500 million if the ICO decides to takes action.
Shares in BA’s parent company International Airlines Group (IAG), fell by more than 3 per cent on Friday as angry customers moved to cancel their credit cards.
Speaking to the BBC, BA chairman and chief executive Alex Cruz said: “There was a very sophisticated, malicious criminal attack on our website.
“We became aware initially on that day, and we began to work on it. We discovered that something had happened, and immediately we began to work.”