In 2020, a number of companies were finally fined by the ICO for breaches as far back as 2018.

Below is a rundown and summary of the companies fined by the ICO between January and December 2020.

DSG Retail Ltd – 09/01/2020

DSG Retail Ltd retails consumer electronic products and operated under a variety if trading styles including Curry’s PC World and Dixon’s Travel Stores.

Between July 2017 and April 2018, an attacker installed malware on 5,390 tills at DSG’s Curry’s PC World and Dixons Travel stores, which led to the attacker gaining control to multiple domain administrator accounts and compromising the DSG infrastructure.

£500,000 FINE.

Cathay Pacific – 04/03/2020

Cathay Pacific are an airline based in Hong Kong, flying to some 200 destinations around the world.

In May 2018, it was discovered that over the span of 4 years, all four of their systems were compromised in a large-scale breach. This included their System A (Customer database), System B (Membership details), System C (Back-end database used for Web-based apps) and lastly, their System D (a transient database for members to redeem non-air awards).

£500,000 FINE.

British Airways – 16/10/2020

British Airways experienced a cyber attack back in 2018, where in a cyber attacker gained access to approximately 428,612 customers personal details (including their names, address, card details and more).

£20M FINE.

Marriott International Inc – 30/10/2020

Marriott, Starwood Hotels at the time of the breach in 2014, estimates that a total of 339 million guest records were affected following a cyber attack on Starwood Hotels and Resorts Worldwide.

Unfortunately for Marriott, the breach wasn’t detected until September 2018 by which time the hotels had been acquired by Marriott.

£18.4M FINE.

Ticketmaster UK Ltd – 13/11/2020

Ticketmaster used a webchat from a third party on their online payments page, back in 2018 which resulted in cyber criminals gaining access to customer’s financial details.

£1.25M FINE.