British Airways settles with 2018 data breach victims

A British Airways plane taking off
(Image credit: Shutterstock)

British Airways has reached a “confidential” settlement agreement with the victims of a 2018 data breach that saw the personal information of 420,000 staff and customers leaked, including names, debit and credit card numbers, addresses, and email addresses.

Law firm PGMBM, which had led the mediation between British Airways and the victims, released a statement announcing that the litigation has been “resolved on confidential terms”.

The resolution does not include any admission of liability by the UK’s flag carrier airline, said the law firm’s court-appointed lead solicitors, who had filed the claim on behalf of those affected in April 2020.

However, PGMBM chairman Harris Pogust said that today’s settlement “represents an extremely positive and timely solution for those affected by the data incident”.

“We are very pleased to have come to a resolution on this matter after constructive mediation with British Airways,” he added.

British Airways originally faced a record £183 million ICO GDPR fine, which was ultimately lowered to £20 million. This is 25 times lower than the very first anticipated fine amount of £500 million, which had been calculated based on the 4% of the company’s global turnover, based on its 2017 revenue reports.

Harris said that the ICO “laid out how BA did not take adequate measures to keep its passengers’ personal and financial information secure”.

“However, this did not provide redress to those affected. This settlement now addresses that,” he added.


Owning your own access security

The key to building strong cloud security and avoiding the risk of vendor lock-in


PGMBM is also in charge of representing the victims of last year’s EasyJet data breach, which leaked the personal details of nine million customers, out of which 2,208 had their credit card details exposed.

A week after the breach was reported, PGMBM had issued a class-action claim in the High Court of London with a potential liability of £18 billion, with each customer impacted by the breach potentially receiving a payout of £2,000.

“The pace at which we have been able to resolve this process with British Airways has been particularly encouraging and demonstrates how seriously the legal system is taking mass data incidents. This is a very positive sign as we look ahead to what will be an even bigger case against easyJet relating to their 2020 data breach, as well as other similar international actions,” said Harris.

Sabina Weston

Having only graduated from City University in 2019, Sabina has already demonstrated her abilities as a keen writer and effective journalist. Currently a content writer for Drapers, Sabina spent a number of years writing for ITPro, specialising in networking and telecommunications, as well as charting the efforts of technology companies to improve their inclusion and diversity strategies, a topic close to her heart.

Sabina has also held a number of editorial roles at Harper's Bazaar, Cube Collective, and HighClouds.