Are BA’s Vaccine Passports Cyber Secure?

Following two incredibly high-profile data breaches in 2018, sceptics are dubious about British Airways new digital vaccine passports and the implications for cybersecurity.


Digital Vaccine Passports

British Airways has announced it will be rolling out digital vaccine passports. But, this comes with significant data protection responsibilities, with particular concerns around the risk to sensitive medical data.

BA’s history of data protection leaves something to be desired. The airline suffered two significant data breaches in 2018, exposing the personal information of more than 420,000 British Airways customers. As a result, the ICO issued BA with a £20m fine, with the total compensation pay-out potentially reaching an additional £2.4bn.


Implications for Data Breaches

The advent of digital vaccine passports means that British Airways will now be responsible for not only a greater volume of client data, but data of an even more sensitive nature.

Your Lawyers is a leading consumer action law firm which was appointed a Steering Committee position by the High Court of Justice against British Airways. It specialises in data breaches and is representing claimants affected by a number of high profile breaches including those where medical data has been leaked.

Aman Johal, Lawyer & Director of Your Lawyers, comments:

“British Airways’ plan to use digital vaccine passports means that their data protection responsibilities are set to be even more significant. When you consider that BA may now also need to store and process sensitive medical information, passengers have every right to be concerned, especially given that the travel industry is a prime target for cybercriminals. The recent major SITA cyberattack is just one of the many attacks which have affected the sector over the last few years, and is a breach that impacted BA customers.

“The airline’s plans raise alarm bells when you consider their own track record of information security. In 2018, the airline suffered two significant data breaches, exposing the personal information and sensitive payment card data of more than 420,000 customers, resulting in a £20m fine from the ICO and a potential compensation pay-out bill of up to £2.4bn.


How Can BA Protect their Clients?

Aman Johal goes on to explain how BA might better protect their client data:

“If BA goes ahead with its plans to enforce digital vaccine passports, it must go the extra mile to protect this information, as medical data is among the most valuable that an organisation can hold and is targeted by cybercriminals. Due to the particularly sensitive nature of medical data, compensation pay-outs for offending businesses can be far more costly because of the increased potential for consumers to experience distress and psychological trauma from the breach.

Given the potential volume of consumers using BA’s vaccine passports, and the cybersecurity risks involved, the airline could face another devastating financial blow if it fails to take its data protection responsibilities seriously again.”