British Airways Data Breach Claim becomes biggest of its kind in the UK

Share on facebook
Share on google
Share on twitter
Share on linkedin

The 2018 BA Data Breach Claim has become the largest group action personal data claim in UK history, with over 16,000 victims seeking compensation from the airline. PGMBM are the lead solicitors in the group litigation case against British Airways on behalf of victims.

We expect that victim compensation could be up to £2,000, putting BA’s overall potential liability at around £800million.

Tom Goodhead, Partner at PGMBM, said: “British Airways passengers feel let down by what transpired. They are well within their rights to be compensated for what was previously a trusted airline playing fast and loose with their personal information, leaving it vulnerable for nefarious hackers to take advantage of.

“We trust companies like British Airways with our personal information and they have a duty to all of their customers and the public at large to take every possible step to keep it safe. In this instance, they presided over a monumental failure.”

Those involved now have until 19 March 2021 to sign up via the dedicated website, badatabreach.com.

Fines and liability

British Airways revealed on 7 September 2018 that there had been a breach of its security systems, leading to over 420,000 customers and staff having their personal data leaked, including names, debit and credit card numbers, addresses and email addresses.

In July 2019, the Information Commissioner’s Office issued a notice of its intention to fine British Airways £183million for infringements of the General Data Protection Regulation (GDPR). However, in October the ICO revised the fine down to £20million, having considered representations from BA and the impact of Covid-19 on the business.

Tom welcomed the ICO decision to reduce the fine levied against British Airways but says that now is the time for the victims to be compensated.

He said: “Unfortunately, Covid-19 has taken a toll on the airline industry and the move by the ICO to reduce BA’s fine was a sensible one. However, the ICO fine does not cover any compensation for victims of the breach.

“However, the ICO set forth in no uncertain terms that BA failed to take adequate measures to keep the vital personal and financial information of its passengers secure. It’s yet another instance of a massive corporate entity showing complete disregard for their customers, and those customers deserve some redress.”

Under the EU General Data Protection Regulation (EU-GDPR), British Airways customers who have had their personal information compromised by this breach have a right to compensation for non-material damage – inconvenience, distress, annoyance and loss of control of their personal data.

PGMBM are a specialist in international group litigation and are the court-appointed lead solicitors in the group litigation surrounding the BA Data Breach.

Tom highlighted that, while BA deny liability, it is important to maintain progress on the fight for the victims.

“At the Case Management Conference in November 2020, British Airways informed the High Court that it was open to the possibility of entering into settlement discussions with the Claimants,” he said.

“We have not yet received any settlement proposals from BA and, until such time as any are received, we will continue to progress the litigation, including at the upcoming Costs and Case Management Conference in the High Court in February.”

Check if you’re a victim

Affected British Airways passengers received an email from the airline in 2018 notifying them that their data had been compromised. The email is likely to have had the subject line, ‘Criminal Theft of Customer Data, more information’.

Passengers may have to check their junk or spam email folders to find the email, as well as their relevant British Airways booking reference. If a passenger cannot find the email but are sure they received it, they can still get in touch with PGMBM to sign a statement of truth.

All affected customers from around the world can join the claim on a no-win, no-fee basis, whether the exposure of their personal data has led to significant ill effects or not, via badatabreach.com before 19 March 2021.

This news story was also published in: The Financial Times, Bloomberg, The Independent, Sky News, London Evening Standard, The Irish Times & many more. 

PGMBM (a trading name of Excello Law Limited) – SRA License Number 512898

Badge