British Airways settles lawsuit over data breach which hit 420,000 people

The airline does not admit liability as part of the settlement and details of payouts will remain confidential.
British Airways planes
PA Wire
Simon Neville6 July 2021

British Airways has settled a legal claim over a major data breach that affected 420,000 customers and staff.

The breach in 2018 included the leaking of names, addresses and card payment details and led to the Information Commissioner’s Office (ICO) handing out its largest ever fine at £20 million.

Law firm Pogust, Goodhead, Mousinho, Bianchini and Martins (PGMBM) said the settlement was reached following mediation with BA and the terms are confidential.

Previously, lawyers said the lawsuit was the largest group action over a data breach in British legal history, with 16,000 claimants when filed in April last year.

We are very pleased to have come to a resolution on this matter after constructive mediation with British Airways

Harris Pogust, PGMBM law firm

The deal struck will see claimants paid out and the airline said it has directly apologised to those involved.

Harris Pogust, chairman of PGMBM, said: “We are very pleased to have come to a resolution on this matter after constructive mediation with British Airways. This represents an extremely positive and timely solution for those affected by the data incident.

“The Information Commissioner’s Office laid out how BA did not take adequate measures to keep its passengers’ personal and financial information secure. However, this did not provide redress to those affected. This settlement now addresses that.”

A BA spokesperson said: “We apologised to customers who may have been affected by this issue and are pleased we’ve been able to settle the group action.

“When the issue arose we acted promptly to protect and inform our customers.”

The ICO initially threatened to fine BA £183 million for the breach under GDPR rules, but this was reduced to £20 million due to the airline pointing out it was in financial difficulty due to the Covid-19 pandemic.

PGMBM is also representing a growing number of claimants in a case relating to a similar data breach of EasyJet data revealed in May 2020, which saw nine million passengers’ data exposed, including names, email addresses and travel information.

Mr Pogust added: “The pace at which we have been able to resolve this process with British Airways has been particularly encouraging and demonstrates how seriously the legal system is taking mass data incidents.

“This is a very positive sign as we look ahead to what will be an even bigger case against EasyJet relating to their 2020 data breach, as well as other similar international actions.”

Create a FREE account to continue reading

eros

Registration is a free and easy way to support our journalism.

Join our community where you can: comment on stories; sign up to newsletters; enter competitions and access content on our app.

Your email address

Must be at least 6 characters, include an upper and lower case character and a number

You must be at least 18 years old to create an account

* Required fields

Already have an account? SIGN IN

By clicking Create Account you confirm that your data has been entered correctly and you have read and agree to our Terms of use , Cookie policy and Privacy policy .

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged in