ICMR (IBS Center for Management Research), IFHE Hyderabad
Case Collection
Other Products
Services
Case Resources
E-newsletter
+91- 9640901313
  1. Home
  2. Case Collection
  3. IT and Systems
  4. Details

Passenger Data Breach at British Airways

Price: 450 Add to Cart
Details
Case Code:

ITSY101

Case Length:

10

Period:

2017-2019

Pub Date:

2019

Teaching Note:

YES

Price (Rs):

450

Organization:

British Airways

Industry:

Aerospace & Defense

Country:

United Kingdom

Themes:

Data Privacy,Management of Information Systems; Regulatory Environment; Reputation Management

Abstract

The case study “Passenger Data Breach at British Airways” walks us through the largest data breach in the history of the aviation industry, one which compromised the financial and personal data of 380,000 passengers in 2018. The data breach was a result of a cyber-attack on the website and mobile application of British Airways (BA), for booking transactions done between August 21 and September 5, 2018. The case also takes into account the impending fine of US$ 230 million imposed on BA by General Data Protection Regulation (GDPR), the regulatory arm of the International Commissioner’s Office (ICO), UK, on July 2019, for neglecting the security of its customers. The case throws light on the recurrent information technology (IT) glitches at BA, in 2017, 2018, and 2019. It highlights the research data and information gathered by different cyber bug researchers and academicians from the research companies and educational institutions of the UK and the world on the pattern of the cyber-attacks. Accepting the magnitude of the privacy intrusion, BA apologized to its customers and promised to reimburse them for any financial losses they had suffered due to the data breach. The case also highlights the importance of the airline’s software and website being updated (last updated in 2012) at periodic intervals to save it from future hacks and the resultant data breach. It concludes with BA’s attempt to save its brand image (as it’s the largest international carrier of UK), and throws light on measures BA might adopt to tighten its IT governance given the stringent European law.

Learning Objectives

The case is structured to achieve the following Learning Objectives:

  • The importance of information system security in customer facing companies
  • The vulnerability of an IT environment due to advancement of technology
  • Categories of cyber-attacks and why adoption of security measures is critical for a customer-facing company
  • How a stringent regulatory environment is forcing companies to protect customer data
Keywords

British Airways; Data breach; privacy breach; GDPR; ICO; IT Governance; mobile application; cyber-attack; cyber-bug; hacking; cross-site scripting (XSS); JavaScript; malicious; Information Security; Information System

Buy this case study (Please select any one of the payment options)

Price: 450

Instant Download

Price: 450

Express Checkout

PayPal: 11

Add to Cart
Move to top