British Airways announced on Monday that it was facing a record fine of 183 million pounds ($229 million) for last year’s breach of its security systems.
The airline said it was “surprised and disappointed” by the penalty from the Information Commissioner’s Office (ICO), the BBC reported.
“We are surprised and disappointed in this initial finding from the ICO,” Alex Cruz, British Airways’ chairman and Chief Executive, said in a statement.
“British Airways responded quickly to a criminal act to steal customers’ data. We have found no evidence of fraud/fraudulent activity on accounts linked to the theft.
“We apologise to our customers for any inconvenience this event caused.”
The incident was disclosed on September 6, 2018, and October 25, 2018.
At the time, the airline had said that approximately 380,000 transactions were affected, but the stolen data did not include travel or passport details.
The information included names, email addresses, credit card information such as credit card numbers, expiration dates and the three-digit CVV code found on the back of credit cards, although British Airways has said it did not store CVV numbers.
The ICO said on Monday it was the biggest penalty it had ever handed out and the first to be made public under new rules, the BBC reported.
The penalty imposed on British Airways is the first one to be made public since those rules were introduced and amounts to 1.5 per cent of its worldwide turnover in 2017, less than the possible maximum of 4 per cent.
Until now, the biggest penalty was 500,000 pounds, imposed on Facebook for its role in the Cambridge Analytica data scandal.
British Airways has 28 days to appeal.