Our firm has welcomed the decision from the Information Commissioner’s Office (ICO) to levy British Airways’s fine over their 2018 breach. We believe it is now time for the half a million BA customers affected by the breach to be compensated.
Harris Pogust, Chairman, commented: “Unfortunately, Covid-19 has taken a significant toll on the airline industry and the move by the ICO to reduce BA’s fine should allow them to protect the business. However, it is now time for BA to compensate the victims.
“In their decision, the ICO sets forth in no uncertain terms that BA failed to take adequate measures to keep the vital personal and financial information of its customers secure. This information is now in the hands of those who would use it for what can only be seen as nefarious purposes.
“We wholeheartedly support those employees of BA who have suffered, as have millions of others, during these trying times. That being said, BA must still abide by the laws and cannot expose its customers to personal attacks by those who seek to cause them financial and emotional harm.”
The fine for their data-protection law breach has been vastly reduced from £183 million to £20 million.
Case background
British Airways revealed on 7 September 2018 that there had been a breach of its security systems leading to over 400,000 customers and staff having their personal data leaked, including:
- Names
- Addresses
- Payment card numbers
- CVV numbers
- Usernames and passwords of BA accounts.
In July 2019, the Information Commissioner’s Office issued a notice of its intention to fine British Airways £183 million for infringements of the General Data Protection Regulation (GDPR). However, the ICO last week confirmed that it had revised the fine down to £20 million, having considered representations from BA and the impact of Covid-19 on the business.
Under the EU General Data Protection Regulation (EU-GDPR), British Airways customers who have had their data compromised by this data breach have a right to compensation for non-material damage. This means compensation for inconvenience, distress, annoyance and loss of control of their personal data.
“We trust companies like British Airways with our personal information and they have a duty to all of their customers and the public at large to take every possible step to keep it safe. In this instance, they failed in that duty,” Harris said.
We are representing thousands of victims who have already joined the group action.
How to claim
If you received an email from the airline in 2018 notifying you that your data had been compromised, it is likely you are eligible to sign up.
It is probable that the email had the subject line, ‘Criminal Theft of Customer Data, more information.’
All affected customers from around the world can join the claim on a no-win, no-fee basis, whether the exposure of their personal data has led to significant ill effects or not.
