IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

British Airways settles with 2018 data breach victims

However, the resolution does not include any admission of liability by the UK’s flag carrier airline

British Airways has reached a “confidential” settlement agreement with the victims of a 2018 data breach that saw the personal information of 420,000 staff and customers leaked, including names, debit and credit card numbers, addresses, and email addresses.

Law firm PGMBM, which had led the mediation between British Airways and the victims, released a statement announcing that the litigation has been “resolved on confidential terms”.

The resolution does not include any admission of liability by the UK’s flag carrier airline, said the law firm’s court-appointed lead solicitors, who had filed the claim on behalf of those affected in April 2020.

However, PGMBM chairman Harris Pogust said that today’s settlement “represents an extremely positive and timely solution for those affected by the data incident”.

“We are very pleased to have come to a resolution on this matter after constructive mediation with British Airways,” he added.

British Airways originally faced a record £183 million ICO GDPR fine, which was ultimately lowered to £20 million. This is 25 times lower than the very first anticipated fine amount of £500 million, which had been calculated based on the 4% of the company’s global turnover, based on its 2017 revenue reports.

Harris said that the ICO “laid out how BA did not take adequate measures to keep its passengers’ personal and financial information secure”.

“However, this did not provide redress to those affected. This settlement now addresses that,” he added.

Related Resource

Owning your own access security

The key to building strong cloud security and avoiding the risk of vendor lock-in

Whitepaper front coverDownload now

PGMBM is also in charge of representing the victims of last year’s EasyJet data breach, which leaked the personal details of nine million customers, out of which 2,208 had their credit card details exposed.

A week after the breach was reported, PGMBM had issued a class-action claim in the High Court of London with a potential liability of £18 billion, with each customer impacted by the breach potentially receiving a payout of £2,000.

“The pace at which we have been able to resolve this process with British Airways has been particularly encouraging and demonstrates how seriously the legal system is taking mass data incidents. This is a very positive sign as we look ahead to what will be an even bigger case against easyJet relating to their 2020 data breach, as well as other similar international actions,” said Harris.

Featured Resources

Four strategies for building a hybrid workplace that works

All indications are that the future of work is hybrid, if it's not here already

Free webinar

The digital marketer’s guide to contextual insights and trends

How to use contextual intelligence to uncover new insights and inform strategies

Free Download

Ransomware and Microsoft 365 for business

What you need to know about reducing ransomware risk

Free Download

Building a modern strategy for analytics and machine learning success

Turning into business value

Free Download

Most Popular

16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

13 May 2022
Russian hackers declare war on 10 countries after failed Eurovision DDoS attack
hacking

Russian hackers declare war on 10 countries after failed Eurovision DDoS attack

16 May 2022
Microsoft says it's provided over $100 million in tech support to Ukrainian government
cyber attacks

Microsoft says it's provided over $100 million in tech support to Ukrainian government

20 May 2022