Last year British Airways got hacked. 380,000 customers had their data exposed. The criminal group Magecart claimed responsibility. That's old news (but you can read about it here).
What's current news is this: The British Information Commissioner's Office has levied a fine of £183 million (or just under $230 million at the time I wrote this) as a punishment for not being GDPR compliant.
You can read their official statement here: https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2019/07/ico-announces-intention-to-fine-british-airways/
GDPR (General Data Protection Regulation) doesn't typically affect American-based businesses. It's primarily for those based in the European Union. However, it DOES affect U.S. companies if they do business in the European Union.
For instance, Facebook could be ordered to pay about $1.63 billion (yes, BILLION) if it's found to have violated GDPR. That might actually come to pass as the social media giant is currently under investigation and apparently things don't look good for them.
If your company does business overseas, we can help. Download our FREE GDPR self-readiness guide today and see exactly where you stand with regard to GDPR compliance: Free GDPR Self-Assessment Questionnaire