British Airways (BA, London Heathrow) may face a hefty fine from the European Union authorities after the carrier admitted to a massive data leak in which credit card details of 380,000 customers were stolen during two weeks in August and September 2018, Bloomberg has reported.
CEO Alex Cruz told the BBC that the information leaked included credit card numbers, expiration dates, security codes, and passenger names. Itinerary details, passport numbers, and other personal information were not leaked.
Under the EU rules in force since May 2018, companies found guilty of not protecting their customers' data appropriately can be fined up to 4% of their annual revenue. Based on BA's 2017 results, this would amount to GBP489 million pounds (USD632 million).
Cruz already apologised to passengers and advised all affected customers to contact their banks or credit card providers. He also promised that all passengers financially affected by the leak would be fully compensated by British Airways. It is not yet clear how many customers would be entitled to such a pay out.
The UK's Information Commissioner's Office (ICO) said that BA was cooperating in an "exemplary" manner.