On 7th September 2018, British Airways announced that their online reservation systems had been accessed by an unauthorised third party. Between 21 August 2018 and 5 September 2018, the sensitive data of over 500,000 British Airways customers was compromised. The breach affected customers who had entered or amended data (including names, addresses, email addresses, debit/credit card details and CVV numbers) for their flight bookings on the British Airways website and app.

BA has been fined £183 million by the Information Commissioner’s Office – a regulator. None of this money, however, will go to the affected customers.


On 19 May 2020, budget airline EasyJet announced that it had been affected by a serious data breach. Approximately nine million customers had email and travel details stolen. A further 2,208 customers had credit and debit card details compromised, including the 3-digit security code known as the CVV number.

The breach took place in January 2020, meaning it took four months for EasyJet to notify its customers. EasyJet asked victims to ‘please be extra careful about phishing attacks’, stressing the threat that victims face from fraudsters.

PGMBM (a trading name of Excello Law Limited) – SRA License Number 512898