The Information Commissioner's Office has imposed a £183-million ($229-million) fine on British Airways under the UK Data Protection Act after card details of more than 380,000 customers were compromised following a cyber attack.
British Airways chairman Alex Cruz has stated that the company was "surprised and disappointed" by the initial ruling.
"British Airways responded quickly to a criminal act to steal customers' data. We have found no evidence of fraud/fraudulent activity on accounts linked to the theft. We apologise to our customers for any inconvenience this event caused", Cruz said.
According to Willie Walsh, chief executive of IAG that owns the company said the airline would appeal against the penalty, which may cost 1.5% of British Airway's worldwide turnover for the financial year.
"We intend to take all appropriate steps to defend the airline's position vigorously, including making any necessary appeals", he noted.
The company called the police only 16 days after the start of the hacker attack - on 5 September 2018. According to reports, the criminals could have stolen data that included customers' billing addresses, email addresses, and card payment information – including card numbers, expiration dates and in some cases their CVV security codes.