Share on facebook
Share on google
Share on twitter
Share on linkedin

On 7th September 2018, British Airways announced that their online reservation systems had been accessed by an unauthorised third party. Between 21 August 2018 and 5 September 2018, the sensitive data of more than 420,000 British Airways customers was compromised. 

The breach affected customers who had entered or amended data (including names, addresses, email addresses, debit/credit card details and CVV numbers) for their flight bookings on the British Airways website and app.

Initially, BA was fined £183 million by the Information Commissioner’s Office – a regulator – for the breach. However, in October 2020 a decision was granted to levy the fine, reducing it to £20 million. None of this money will go to the affected customers. 

PGMBM have welcomed the levy decision from the ICO and believe it is now time for the victims to compensated.  

Instructed by thousands of affected customers, we are looking to obtain the appropriate compensation for the breaches. EU General Data Protection (EU GDPR) gives individuals the right to compensation for non-material damages.

PGMBM Partner, Harris Pogust, states that “Data breach has become one of the most serious issues affecting all of us.  The information provided to British Airways by its customers was some of the most personal information each of us possesses.  When we entrust companies with such information, we expect a certain level of conduct to protect such information.  Unfortunately, British Airways failed in that task and exposed credit card information for over 500,000 people to the world.”

To find out more, visit

PGMBM (a trading name of Excello Law Limited) – SRA License Number 512898

Excello Law is authorised and regulated by the Solicitors Regulation Authority and complies with the Solicitors Code of Conduct, a copy of which can be located here.