British Airways is facing a record $230 million fine after a website failure compromised the personal details of roughly 500,000 customers. British Airways is set to face the largest penalty under the new privacy law known as the General Data Protection Regulation (GDPR); it was implemented last year for the complete region under the European Union. The UK’s information commissioner said that the weak security allowed the user traffic to be diverted from the British Airways website to fraudulent page starting in June 2018. The airline had compromised the security of over 500,000 customers who had entered various personal and payment details.

The penalty implemented on the airline under the new GDPR law is one of the largest, while the regulator has added that the company will have a chance to contest the proposed fine. The attackers were able to harvest customer details that include log-ins, payment cards, and various travel booking details according to the regulator the company had disclosed the incident in September 2018. The fine imposed is roughly about 1.5 percent of the annual revenue generated by British Airways. The carrier is owned by IAG and said that it would be fighting the penalty.

Alex Cruz British Airways CEO added in a diverse statement that British Airways was quick to respond to initial findings. We have found no evidence that the account linked with theft, for any irregular activities he added. GDPR, as a security law forces the companies to make sure that they collect, process, and stored data is safe. Organizations that holds or uses data of users within the European boundaries are subject to be included under the rules of GDPR, regardless of where they are currently based. Companies that breach the law can be fined up to 4 percent of the annual revenue. The information Commissioner office has become one of the most promoted digital space; it had fined Facebook $626,000 last year over the Cambridge analytical data theft.