Visit Florida

Published on Wednesday, January 13, 2021

BA facing 800m pound lawsuit over data breach


British Airways is facing the largest group claim over a data breach in UK history following a 2018 incident that exposed details of more than 400,000 of its customers.

More than 16,000 customers have joined the case ahead of a March deadline to sign up to the action so far, according to PGMBM, the lead solicitors in the group litigation case.

Each of the victims could be awarded up to £2,000 each, based on previous court rulings. If every one of the 400,000 victims puts in a claim, that might lead to a payout of more than £800m.

BA has already been fined £20m for the data breach, but this was reduced from an initial fine of £183m.

The airline has indicated that it is prepared to settle claims in a letter filed with the court last week, according to the Financial Times.

But BA said: "We continue to vigorously defend the litigation in respect of the claims brought arising out of the 2018 cyber attack.

"We do not recognise the damages figures put forward, and they have not appeared in the claims."

BA revealed that the data breach in September 2018 had led to the names, debit and credit card numbers, addresses and email addresses of its customers being leaked to fraudsters.

Some passengers were diverted to a fake website where their details were harvested.

Data regulator, the Information Commissioner's Office, said BA could have taken measures to reduce the risk, such as the testing of its cyber-defences.

However, it said BA had 'considerably' improved its cyber security since the attack.

The BA case is the first group lawsuit of its kind to be brought under data protection rules known as GDPR introduced in 2018.

It is also the largest 'opt-in' claim in relation to a UK data breach.

Kate Bevan, Which? Computing Editor, said: "This was a really nasty data breach that left hundreds of thousands of British Airways customers exposed to possible financial and emotional harm.

"Which? is calling for consumers to have an easier route to redress when they suffer from data breaches. The Government must allow for an opt-out collective redress regime which would mean that affected victims can be automatically included in similar representative actions."

Story Image

Your Comments

, be the first to post a comment.
Your email:

Email other comments made to this story

NOTE: Comments are subject to admin approval before being posted.
Mole Poll
Do you expect an 'avalanche' of orders this week ?


We talk to TravelUNI about their recent Travel Agency Research

Two homeworking agents - how have they handled the Pandemic?

Alexis Peppis tells us all there is to know about Tiqets

TravelMole's Graham McKenzie talks with Micheal Ros, Hotel Booking disruptor Bidroom

Jerad Bachar of Pittsburgh about the future of city tourism