Search for Cases

Case Details

Case Code: ITSY101
Case Length: 11 Pages
Period: 2017-2019     
Pub Date: 2019
Teaching Note: Available
Price:Rs.350
Organization : British Airways
Industry :Aerospace & Defense
Countries : United Kingdom
Themes: Data Privacy/Management of Information Systems/Regulatory Environment/Reputation ManagementDigital Campaigns/
 
Business Strategy
Marketing
Finance
Human Resource Management
IT and Systems
Operations
Economics
Leadership & Entrepreneurship
Case Studies  

Passenger Data Breach at British Airways

 

ABSTRACT

 
The case study “Passenger Data Breach at British Airways” walks us through the largest data breach in the history of the aviation industry, one which compromised the financial and personal data of 380,000 passengers in 2018. The data breach was a result of a cyber-attack on the website and mobile application of British Airways (BA), for booking transactions done between August 21 and September 5, 2018. The case also takes into account the impending fine of US$ 230 million imposed on BA by General Data Protection Regulation (GDPR), the regulatory arm of the International Commissioner’s Office (ICO), UK, on July 2019, for neglecting the security of its customers. The case throws light on the recurrent information technology (IT) glitches at BA, in 2017, 2018, and 2019. It highlights the research data and information gathered by different cyber bug researchers and academicians from the research companies and educational institutions of the UK and the world on the pattern of the cyber-attacks. Accepting the magnitude of the privacy intrusion, BA apologized to its customers and promised to reimburse them for any financial losses they had suffered due to the data breach. The case also highlights the importance of the airline’s software and website being updated (last updated in 2012) at periodic intervals to save it from future hacks and the resultant data breach. It concludes with BA’s attempt to save its brand image (as it’s the largest international carrier of UK), and throws light on measures BA might adopt to tighten its IT governance given the stringent European law.
 
IT and Systems Case Studies | Case Study in Management, Operations, Strategies, IT and Systems, Case Studies
or
IT and Systems Case Studies Case Studies | Case Study in Management, Operations, Strategies, IT and Systems, Case Studies
or
PayPal (8 USD)

 

Issues

The case is structured to achieve the following teaching objectives:
  • The importance of information system security in customer facing companies.
  • The vulnerability of an IT environment due to advancement of technology.
  • Categories of cyber-attacks and why adoption of security measures is critical for a customer-facing company.
  • How a stringent regulatory environment is forcing companies to protect customer data.
Contents
INTRODUCTION
BRIEF PROFILE OF BA
THE DATA BREACH OF 2018
LACK OF IT GOVERNANCE AT BA?
BA’S RESPONSE
EXHIBITS

Keywords

British Airways; Data breach; privacy breach; GDPR; ICO; IT Governance; mobile application; cyber-attack; cyber-bug; hacking; cross-site scripting (XSS); JavaScript; malicious; Information Security; Information System; IS Security; DoS

INTRODUCTION - Next Page>>