British Airways owner IAG said on Monday the UK Information Commissioner’s Office (ICO) intends to impose a penalty of 183.4 million pounds ($229.8 million) for the theft of customer data from the airline’s website last year.
The airline revealed last September that the credit card details of hundreds of thousands of its customers were stolen in an attack on its website and app.
It said the ICO had indicated it proposes to impose the penalty, which equates to 1.5% of its worldwide turnover for 2017.
“We are surprised and disappointed in this initial finding from the ICO,” said Alex Cruz, BA’s chairman and chief executive.
“British Airways responded quickly to a criminal act to steal customers’ data. We have found no evidence of fraud/fraudulent activity on accounts linked to the theft,” he said, adding an apology to customers for any inconvenience caused.
Willie Walsh, International Airlines Group’s chief executive, said BA would be making representations to the ICO in relation to the proposed fine.
“We intend to take all appropriate steps to defend the airline’s position vigorously, including making any necessary appeals,” he said.