Which? response as ICO fines British Airways £20m for data breach

Kate Bevan, Which? Computing editor, said:

“It’s good to see the Information Commissioner sending a clear message to companies that it is unacceptable to play fast and loose with people’s personal data. However, our research suggests British Airways still has serious vulnerabilities on its websites that are leaving customers potentially exposed to opportunistic cybercriminals.

“Some customers will also be frustrated if they’ve suffered financially and emotionally from this data breach and had no redress. The government should provide a much clearer route by allowing for an opt-out collective redress regime that deals with mass data breaches.”

Notes to editors

• Marriott, British Airways and easyJet fail to learn data breach lessons as hundreds of serious security risks exposed by Which?

• Which? reveals the shocking scale of data theft following cyberattacks and calls for tough action against failing firms

Statement