United Kingdom
United States
Asia Pacific
BA facing 800m pound lawsuit over data breach
British Airways is facing the largest group claim over a data breach in UK history following a 2018 incident that exposed details of more than 400,000 of its customers.
More than 16,000 customers have joined the case ahead of a March deadline to sign up to the action, according to PGMBM, the lead solicitors in the group litigation case.
Each of the victims could be awarded up to £2,000 each, based on previous court rulings. If every one of the 400,000 victims puts in a claim, that will lead to a payout of more than £800m.
BA has already been fined £20m for the data breach, but this was reduced from an initial fine of £183m.
The airline has indicated that it is prepared to settle claims in a letter filed with the court last week, according to the Financial Times.
But BA said: "We continue to vigorously defend the litigation in respect of the claims brought arising out of the 2018 cyber attack.
"We do not recognise the damages figures put forward, and they have not appeared in the claims."
BA revealed that the data breach in September 2018 had led to the names, debit and credit card numbers, addresses and email addresses of its customers being leaked to fraudsters.
Some passengers were diverted to a fake website where their details were harvested.
Data regulator, the Information Commissioner’s Office, said BA could have taken measures to reduce the risk, such as the testing of its cyber-defences.
However, it said BA had ‘considerably’ improved its cyber security since the attack.
The BA case is the first group lawsuit of its kind to be brought under data protection rules known as GDPR introduced in 2018.
It is also the largest ‘opt-in’ claim in relation to a UK data breach.
Kate Bevan, Which? Computing Editor, said: "This was a really nasty data breach that left hundreds of thousands of British Airways customers exposed to possible financial and emotional harm.
"Which? is calling for consumers to have an easier route to redress when they suffer from data breaches. The Government must allow for an opt-out collective redress regime which would mean that affected victims can be automatically included in similar representative actions."
Related News Stories:
Linsey McNeill
Editor Linsey McNeill has been writing about travel for more than three decades. Bylines include The Times, Telegraph, Observer, Guardian and Which? plus the South China Morning Post. She also shares insider tips on thetraveljournalist.co.uk
Kittipong Prapattong’s Plan for Thailand’s Tourism Growth: Taxes, Visas, and Campaigns
James Jin: Didatravel’s Journey from China to Global Reach and the Impact of AI on Travel
Darien Schaefer on Pensacola’s Evolution: From Small Town to Global Destination
Florida Tourism’s Next Frontier: Dana Young on Expanding Beyond the Classics
Patrick Harrison on Tampa Bay Tourism’s Resilience and Marketing Strategy
Bubba O’Keefe on Clarksdale’s Vibrant Music Scene
Commemorating Elvis and Embracing Tupelo’s Culture with Jennie Bradford Curlee
Craig Ray and the Expansion of the Blues Trail
Presenting Mississippi’s Cultural Trails with Katie Coats
Robert Terrell: A Journey Through BB King’s Influence
Rochelle Hicks: Celebrating Mississippi’s Musical Legacy
Exploring Jacksonville with Katie Mitura: The Flip Side of Florida
Dozens fall ill in P&O Cruises ship outbreak
Turkish Airlines flight in emergency landing after pilot dies
Boy falls to death on cruise ship
Unexpected wave rocks cruise ship
Storm Lilian travel chaos as bank holiday flights cancelled