Half a million passengers' data stolen in British Airways hack

British Airways: Some 500000 passengers had details stolen via the hack. Photo / Getty Images

British Airways is facing a nearly $345 million fine after the personal data of 500,000 customers was stolen online last year.

The UK's Information Commissioner's Office blamed the breach on the company's "poor security arrangements" in a Monday statement, unveiling what would be a record fine under the European Union's landmark new privacy rule called the General Data Protection Regulation.

The hack began in June 2018 when customer traffic to the British Airways website was diverted to a fake Web page and personal data was hacked, including customers' names, addresses, log in information, payment cards and travel booking details. British Airways disclosed the breach in September.

Information Commissioner Elizabeth Denham said the law regarding the protection of personal data is clear.

"When you are entrusted with personal data you must look after it," she said in the statement. "Those that don't will face scrutiny from my office to check they have taken appropriate steps to protect fundamental privacy rights."

Alex Cruz, chairman and chief executive of British Airways, said in a statement the company is "surprised and disappointed" by the fine.

"British Airways responded quickly to a criminal act to steal customers' data," he said. "We have found no evidence of fraud/fraudulent activity on accounts linked to the theft. We apologise to our customers for any inconvenience this event caused."

The Information Commissioner's Office said British Airways has cooperated with the investigation. Still, the office proposed the record penalty of 183.39 million pounds ( NZ $344.72 million), or about 1.5 percent of British Airways' annual revenue, under the General Data Protection Regulation which was passed by the European Union last year.

British Airways, which is owned by International Airlines Group, said it has since improved its security. IAG's chief executive Willie Walsh said in a statement that the airline would fight the proposed penalty.

"We intend to take all appropriate steps to defend the airline's position vigorously, including making any necessary appeals," Walsh said.

IAG's stock dropped by nearly 1.4 percent by late afternoon on the London Exchange.