The 2018 BA Data Breach Claim has become the largest group action personal data claim in UK history, with over 16,000 victims seeking compensation from the airline. We are the lead solicitors in the group litigation case against British Airways on behalf of the victims.
We expect that victim compensation could be up to £2,000, putting BA’s overall potential liability at around £800 million.
Tom Goodhead, Global Managing Partner, said: “British Airways passengers feel let down by what transpired. They are well within their rights to be compensated for what was previously a trusted airline playing fast and loose with their personal information, leaving it vulnerable for nefarious hackers to take advantage of.
“We trust companies like British Airways with our personal information and they have a duty to all of their customers and the public at large to take every possible step to keep it safe. In this instance, they presided over a monumental failure.”
Fines and liability
British Airways revealed on 7 September 2018 that there had been a breach of its security systems, leading to over 420,000 customers and staff having their personal data leaked, including names, debit and credit card numbers, addresses and email addresses.
In July 2019, the Information Commissioner’s Office issued a notice of its intention to fine British Airways £183 million for infringements of the General Data Protection Regulation (GDPR). However, in October, the ICO revised the fine down to £20 million, having considered representations from BA and the impact of Covid-19 on the business.
Tom welcomed the ICO decision to reduce the fine levied against British Airways but says that now is the time for the victims to be compensated.
He said: “Unfortunately, Covid-19 has taken a toll on the airline industry, and the move by the ICO to reduce BA’s fine was a sensible one. However, the ICO fine does not cover any compensation for victims of the breach.
“However, the ICO set forth in no uncertain terms that BA failed to take adequate measures to keep the vital personal and financial information of its passengers secure. It’s yet another instance of a massive corporate entity showing complete disregard for their customers, and those customers deserve some redress.”
Under the EU General Data Protection Regulation (EU-GDPR), British Airways customers who have had their personal information compromised by this breach have a right to compensation for non-material damage – inconvenience, distress, annoyance and loss of control of their personal data.
We are specialists in international group litigation and are the court-appointed lead solicitors in the group litigation surrounding the BA Data Breach.
Tom highlighted that, while BA denies liability, it is important to maintain progress in the fight for the victims.
“At the Case Management Conference in November 2020, British Airways informed the High Court that it was open to the possibility of entering into settlement discussions with the Claimants,” he said.
“We have not yet received any settlement proposals from BA and, until such time as any are received, we will continue to progress the litigation, including at the upcoming Costs and Case Management Conference in the High Court in February.”
Check if you were affected
Affected British Airways passengers received an email from the airline in 2018 notifying them that their data had been compromised. The email is likely to have had the subject line, ‘Criminal Theft of Customer Data, more information’.
Passengers may have to check their junk or spam email folders to find the email, as well as their relevant British Airways booking reference.