Visit Florida

Published on Wednesday, January 13, 2021

BA facing 800m pound lawsuit over data breach


British Airways is facing the largest group claim over a data breach in UK history following a 2018 incident that exposed details of more than 400,000 of its customers.

More than 16,000 customers have joined the case ahead of a March deadline to sign up to the action so far, according to PGMBM, the lead solicitors in the group litigation case.

Each of the victims could be awarded up to £2,000 each, based on previous court rulings. If every one of the 400,000 victims puts in a claim, that might lead to a payout of more than £800m.

BA has already been fined £20m for the data breach, but this was reduced from an initial fine of £183m.

The airline has indicated that it is prepared to settle claims in a letter filed with the court last week, according to the Financial Times.

But BA said: "We continue to vigorously defend the litigation in respect of the claims brought arising out of the 2018 cyber attack.

"We do not recognise the damages figures put forward, and they have not appeared in the claims."

BA revealed that the data breach in September 2018 had led to the names, debit and credit card numbers, addresses and email addresses of its customers being leaked to fraudsters.

Some passengers were diverted to a fake website where their details were harvested.

Data regulator, the Information Commissioner's Office, said BA could have taken measures to reduce the risk, such as the testing of its cyber-defences.

However, it said BA had 'considerably' improved its cyber security since the attack.

The BA case is the first group lawsuit of its kind to be brought under data protection rules known as GDPR introduced in 2018.

It is also the largest 'opt-in' claim in relation to a UK data breach.

Kate Bevan, Which? Computing Editor, said: "This was a really nasty data breach that left hundreds of thousands of British Airways customers exposed to possible financial and emotional harm.

"Which? is calling for consumers to have an easier route to redress when they suffer from data breaches. The Government must allow for an opt-out collective redress regime which would mean that affected victims can be automatically included in similar representative actions."

Story Image

Your Comments

, be the first to post a comment.
Your email:

Email other comments made to this story

NOTE: Comments are subject to admin approval before being posted.
Mole Poll
UK Lockdown 3.0 ? Fully justified ?
YES 56.73 %
NO 43.27 %

Thank you for your vote

What is GoodtoGo?

Submit your news
or special offer

Current UK Special Edition

Current US Special Edition

Current Asia/Pacific Special Edition


Should the UK have a Cabinet Minister for Tourism ? UKInbound talk to TravelMole

Travelzoo talk about 2021 prospects - what's hot and what's not

The Rocky Mountaineer comes to Colorado

Destination Marketing Campaigns explained by Brightons 'Never Normal' Team

Sri Lanka 2021 - its the place to be