The U.K. data regulator is fining British Airways 183 million pounds ($229 million) over a breach that compromised information on half a million customers.
The airline revealed in September that it had been the victim of a hack. The scam saw customers diverted to a fake website where credit card details were harvested by the attackers.
Britain's Information Commissioner's Office says its investigation found "poor security arrangements" by BA.
U.S. & World
The day's top national and international news.
The regulator said Monday that the fine — equivalent to 1.5% of the airline's annual turnover — is the biggest it has ever imposed.
Information Commissioner Elizabeth Denham said "the law is clear - when you are entrusted with personal data you must look after it."
The airline's chief executive, Alex Cruz, said he was "surprised and disappointed" by the penalty.