British Airways: ICO £20m penalty notice for information security breaches
The penalty notice, albeit heavily redacted, contains some useful insights for managing security in professional firms, drawn from the security breaches which gave rise to the loss of personal data. The failures identified include failure to use multi-factor authentication, failure to address known Citrix security issues, failure to apply user access management (the principle of least privilege) and failure to implement application whitelisting or blacklisting. Other measures which could have been implemented included penetration testing, logging access to certain files, monitoring of failed login attempts and monitoring of guest accounts.