Skip to content
Go to Home Page
News

London Heathrow Fined $160,000 for Lost USB Drive

Katherine Fan
Articles
Katherine Fan is a former senior travel features reporter at The Points Guy who covered everything from personal finance to travel and aviation.
Oct. 09, 2018
2 min read
London Heathrow Terminal
London Heathrow Fined $160,000 for Lost USB Drive
This post contains references to products from one or more of our advertisers. We may receive compensation when you click on links to those products. Terms apply to the offers listed on this page. For an explanation of our Advertising Policy, visit this page.
Sign up for our daily newsletter

London Heathrow airport has been fined $160,000 for losing a USB memory drive containing highly sensitive information last October.

The USB memory stick had been found on a London street October 17 by a passerby, who then viewed the contents on a computer at the local library before passing along the flash drive to the UK newspaper the Sunday Mirror. Heathrow, however, did not report the lost device until October 26, and the first media report about the data breach was published on October 29. Heathrow submitted a formal breach notification on November 7 to the Information Commissioner's Office, the UK privacy watchdog which handed down the ruling and fine.

None of the highly sensitive data was either password-protected or encrypted, according to the Information Commissioner's Office. The data on the drive included "the exact route the Queen takes when using the airport and security measures used to protect her" as well as a timetable of airport patrols. The memory stick had been lost by a Heathrow security trainer.

"Data protection should have been high on Heathrow's agenda. But our investigation found a catalog of shortcomings in corporate standards, training and vision that indicated otherwise," says Steve Eckersley, ICO director of investigations. "Data protection is a boardroom issue, and it is imperative that businesses have the policies, procedures and training in place to minimize any vulnerabilities of the personal information that has been entrusted to them."

The Information Commissioner's Office charged the airport under the Data Protection Act 1998, which was in effect at the time of the breach and which allowed for a maximum fine of $657,000.

"Following this incident, the company took swift action and strengthened processes and policies," a Heathrow spokeswoman said. "We accept the fine that the ICO have deemed appropriate, and we have spoken to all individuals involved. We recognize that this should never have happened and would like to reassure everyone that necessary changes have been implemented, including the start of an extensive information security training program, which is being rolled out companywide. We take our compliance with all laws extremely seriously and operate within the stringent regulatory and legal requirements demanded of us."

Heathrow is the largest airport in London, ands is part of the world's busiest airport system, handling more than 2.5 million flights a year.

Featured image by Getty Images

Top offers from our partners

How we chose these cards

Our points-obsessed staff uses a plethora of credit cards on a daily basis. If anyone on our team wouldn’t recommend it to a friend or a family member, we wouldn’t recommend it on The Points Guy either. Our opinions are our own, and have not been reviewed, approved, or endorsed by our advertising partners.
See all best card offers
Related stories
Hyatt Zilara Cancun
News
Now live: Earn up to 45,000 bonus points with Hyatt’s newest Bonus Journeys promotion
Fitness class inside Disneyland's Disney California Adventure Park
News
Om-azing! You can now take sunrise yoga classes at Disneyland
News
American finally reopens its fanciest London lounge with 1 big upgrade
milan
Deals
Fly round trip to Italy for as little as $433