British Airways has been fined $26m by the Information Commissioner’s Office (ICO) for a data breach which affected more than 400,000 customers. From a report: The breach took place in 2018 and affected both personal and credit card data. The fine is considerably smaller than the $236m that the ICO originally said it intended to issue back in 2019. It said “the economic impact of Covid-19” had been taken into account. However, it is still the largest penalty issued by the ICO to date. The incident took place when BA’s systems were compromised by its attackers, and then modified to harvest customers’ details as they were input. It was two months before BA was made aware of it by a security researcher, and then notified the ICO.