IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

British Airways settles with 2018 data breach victims

However, the resolution does not include any admission of liability by the UK’s flag carrier airline

British Airways has reached a “confidential” settlement agreement with the victims of a 2018 data breach that saw the personal information of 420,000 staff and customers leaked, including names, debit and credit card numbers, addresses, and email addresses.

Law firm PGMBM, which had led the mediation between British Airways and the victims, released a statement announcing that the litigation has been “resolved on confidential terms”.

The resolution does not include any admission of liability by the UK’s flag carrier airline, said the law firm’s court-appointed lead solicitors, who had filed the claim on behalf of those affected in April 2020.

However, PGMBM chairman Harris Pogust said that today’s settlement “represents an extremely positive and timely solution for those affected by the data incident”.

“We are very pleased to have come to a resolution on this matter after constructive mediation with British Airways,” he added.

British Airways originally faced a record £183 million ICO GDPR fine, which was ultimately lowered to £20 million. This is 25 times lower than the very first anticipated fine amount of £500 million, which had been calculated based on the 4% of the company’s global turnover, based on its 2017 revenue reports.

Harris said that the ICO “laid out how BA did not take adequate measures to keep its passengers’ personal and financial information secure”.

“However, this did not provide redress to those affected. This settlement now addresses that,” he added.

Related Resource

Owning your own access security

The key to building strong cloud security and avoiding the risk of vendor lock-in

Whitepaper front coverDownload now

PGMBM is also in charge of representing the victims of last year’s EasyJet data breach, which leaked the personal details of nine million customers, out of which 2,208 had their credit card details exposed.

A week after the breach was reported, PGMBM had issued a class-action claim in the High Court of London with a potential liability of £18 billion, with each customer impacted by the breach potentially receiving a payout of £2,000.

“The pace at which we have been able to resolve this process with British Airways has been particularly encouraging and demonstrates how seriously the legal system is taking mass data incidents. This is a very positive sign as we look ahead to what will be an even bigger case against easyJet relating to their 2020 data breach, as well as other similar international actions,” said Harris.

Featured Resources

2022 State of the multi-cloud report

What are the biggest multi-cloud motivations for decision-makers, and what are the leading challenges

Free Download

The Total Economic Impact™ of IBM robotic process automation

Cost savings and business benefits enabled by robotic process automation

Free Download

Multi-cloud data integration for data leaders

A holistic data-fabric approach to multi-cloud integration

Free Download

MLOps and trustworthy AI for data leaders

A data fabric approach to MLOps and trustworthy AI

Free Download

Most Popular

Empowering employees to truly work anywhere

Empowering employees to truly work anywhere

22 Nov 2022
Salesforce co-CEO Bret Taylor resigns with cryptic parting message
Business operations

Salesforce co-CEO Bret Taylor resigns with cryptic parting message

1 Dec 2022
The top 12 password-cracking techniques used by hackers

The top 12 password-cracking techniques used by hackers

14 Nov 2022