Spotlight on British Airways and MYOB over data breaches

Jul 19

In a catastrophic week for data privacy, British Airways and MYOB have been publicly outed for data breaches.

British Airways has been slammed with a record $329.33 million AUD fine for compromising the personal information of roughly half a million people last year. 

The breach resulted in British Airways’ customers being diverted to a fraudulent site which harvested the details of around 500,000 people. 

Threat group Magecart has since been identified as the culprit. 

Details included credit card numbers, expiry dates and CVV codes, names, addresses and travel information. 

“People’s personal data is just that – personal. When an organisation fails to protect it from loss, damage or theft it is more than an inconvenience,” UK Information Commissioner, Elizabeth Denham, stated.

“That’s why the law is clear – when you are entrusted with personal data you must look after it.”

Meanwhile, MYOB has apologised for a data leak that saw payment summaries sent to the incorrect recipients last month, between 1 June and 28 June.

The online accounting-ware vendor has revealed 220 individual payment summaries were distributed to the wrong people. 

“We immediately switched off all outgoing payment summary emails to ensure no further incidents occurred, worked methodically to both rectify the glitch and check the emails in the backlog to ensure no further errors,” MYOB stated.

“A small handful were detected and stopped, while all other payment summary emails have since been released in batches with the final emails to be sent by close of business today.”

MYOB also said it has communicated with customers on how to protect their identities and is offering advice on how to “safely and correctly dispose of the misdirected payment summary emails.”

It has also amended its code to make sure this error doesn’t happen again and is “working closely with the ATO and Office of the Australian Information Commissioner to ensure that all appropriate steps are taken.”

“We are sincerely sorry for the situation,” the statement says, “as well as the frustrations experienced by all our AccountRight Live customers caused by the delay in sending the payment summary emails. We apologise for the inconvenience caused as we know it is a busy time of year for businesses, however we could not take the risk with such sensitive, personal information.”

Criterion’s 3rd Data Privacy and Protection Summit is running at the Sydney Harbour Marriott from 27-29 August 2019. With a host of speakers at the forefront of data privacy and protection, this is a unique opportunity to adapt to regulatory requirements, build a privacy-aware culture and strengthen customer trust in your business.

Submitted by Criterion Content Team

Criterion Content Team

This post has been written by the Criterion Conferences Content Team. Based in Sydney, we are an independent research organisation, producing over 90 conferences a year across a variety of industries. Our events, attended by thousands of senior delegates from the public and private sector, are designed to enrich, inspire and motivate. Our focus is on providing innovative, value-adding content via our conferences, and blogs like this are an extension of that principle. You can view our conferences by visiting our website.
