British Airways planes parked at Heathrow Airport in London. AP Photo/Frank Augstein, FILE

London - The UK data regulator is fining British Airways (BA) £183-million (about R3.2-billion) over a breach that compromised information on half a million customers.

The airline revealed in September that it had been the victim of a hack. 

The scam saw customers diverted to a fake website where credit card details were harvested by the attackers.

Britain's Information Commissioner's Office says its investigation found "poor security arrangements" by BA.

The regulator has now confirmed that the fine - equivalent to 1.5 percent of the airline's annual turnover - is the biggest it has ever imposed.

Information Commissioner Elizabeth Denham said "the law is clear - when you are entrusted with personal data you must look after it."

The airline's chief executive, Alex Cruz, said he was "surprised and disappointed" by the penalty.

British Airway's customer names, postal addresses, email addresses and credit card information was part of the data that was compromised at the time

The airline said it had attended to what was a 15-day breach and that customer's travel or passport details was not part of the information compromised.

When the issue became public, BA made a promise to compensate affected customers for what it described as "a very sophisticated, malicious, criminal attack on our website."