British Airways settles with 2018 data breach victims

However, the resolution does not include any admission of liability by the UK’s flag carrier airline

British Airways has reached a “confidential” settlement agreement with the victims of a 2018 data breach that saw the personal information of 420,000 staff and customers leaked, including names, debit and credit card numbers, addresses, and email addresses.

Law firm PGMBM, which had led the mediation between British Airways and the victims, released a statement announcing that the litigation has been “resolved on confidential terms”.

The resolution does not include any admission of liability by the UK’s flag carrier airline, said the law firm’s court-appointed lead solicitors, who had filed the claim on behalf of those affected in April 2020.

However, PGMBM chairman Harris Pogust said that today’s settlement “represents an extremely positive and timely solution for those affected by the data incident”.

“We are very pleased to have come to a resolution on this matter after constructive mediation with British Airways,” he added.

British Airways originally faced a record £183 million ICO GDPR fine, which was ultimately lowered to £20 million. This is 25 times lower than the very first anticipated fine amount of £500 million, which had been calculated based on the 4% of the company’s global turnover, based on its 2017 revenue reports.

Harris said that the ICO “laid out how BA did not take adequate measures to keep its passengers’ personal and financial information secure”.

“However, this did not provide redress to those affected. This settlement now addresses that,” he added.

Related Resource

Owning your own access security

The key to building strong cloud security and avoiding the risk of vendor lock-in

Whitepaper front coverDownload now

PGMBM is also in charge of representing the victims of last year’s EasyJet data breach, which leaked the personal details of nine million customers, out of which 2,208 had their credit card details exposed.

A week after the breach was reported, PGMBM had issued a class-action claim in the High Court of London with a potential liability of £18 billion, with each customer impacted by the breach potentially receiving a payout of £2,000.

“The pace at which we have been able to resolve this process with British Airways has been particularly encouraging and demonstrates how seriously the legal system is taking mass data incidents. This is a very positive sign as we look ahead to what will be an even bigger case against easyJet relating to their 2020 data breach, as well as other similar international actions,” said Harris.

Featured Resources

The ultimate law enforcement agency guide to going mobile

Best practices for implementing a mobile device program

Free download

The business value of Red Hat OpenShift

Platform cost savings, ROI, and the challenges and opportunities of Red Hat OpenShift

Free download

Managing security and risk across the IT supply chain: A practical approach

Best practices for IT supply chain security

Free download

Digital remote monitoring and dispatch services’ impact on edge computing and data centres

Seven trends redefining remote monitoring and field service dispatch service requirements

Free download

Most Popular

Best Linux distros 2021
operating systems

Best Linux distros 2021

11 Oct 2021
HPE wins networking contract with Birmingham 2022 Commonwealth Games
Network & Internet

HPE wins networking contract with Birmingham 2022 Commonwealth Games

15 Oct 2021
Veritas Backup Exec 21.3 review: Covers every angle
backup software

Veritas Backup Exec 21.3 review: Covers every angle

14 Oct 2021