British Airways faces £2.4bn breach settlement


British Airways has informed the court of its plans to settle compensation claims for customers affected by its two notorious data breaches in 2018, to avoid further court action.

In July 2019, the UK Information Commissioner’s Office issued a notice of intention to fine the airline a record £183m over the breach. However, this penalty was reduced significantly to a £20m fine in October last year.

In 2019, consumer action law firm Your Lawyers was appointed to the Steering Committee responsible for the overall conduct of the BA data breach litigation. The firm revealed the national carrier’s plans to begin settlement discussions in the first quarter of this year, as an admission of culpability for the breach and an effort to avoid the burden of litigation.

Exposed information
Between April and July 2018, reward booking customers were notified that their personal information and financial details had been compromised. In addition, a further breach between August and September of the same year exposed the data of customers using the airline’s app and Web site.

The defendant’s solicitor has given evidence at the Group Litigation Order (GLO) that the total of unique payment cards potentially affected is 429 420.

The breaches exposed personal and financial information, including card numbers, expiry dates, and in some cases, the CVV security code.

The exposed information included customers names, billing addresses, and e-mail addresses. Worryingly, card payment information was also compromised, including card numbers, expiry dates, and, in tens of thousands of cases, the CVV security code.

With the deadline to join the GLO falling on 19 March 2021, any affected customers have less than three months to join the class action, or risk no longer being able to claim compensation as part of the current litigation.

It is Your Lawyers’ view that British Airways is facing a potential compensation bill of up to £2.4bn, with the almost half a million affected receiving around £6 000 each. Financial losses arising from the breach could also be claimed and, in cases where a psychological injury is extreme, victims of the hack could receive up to £16 000.

Accepting blame
Aman Johal, a director at Your Lawyers, says: “News that British Airways wants to settle compensation claims, with negotiations set to take place in the first quarter of 2021, is acknowledgement of its wrongdoing in failing to protect customer data.”

Johal adds that he urges all those affected by the breach to come forward and join the class action before the GLO closes.

“While three months may seem like a long time, you could potentially be losing out on a five-figure settlement sum if you do not join in time. We are receiving hundreds of enquires a day as people scramble to meet the coming deadline, and we still receive a lot of enquiries from people who missed the deadline for previous actions we have been involved with and, unfortunately, we have to turn them away.”

He says although the airline is yet to make a final call on how it plans to deal with proceedings, settling out of court will show that the entity accepts the gravity of the incidents.

“Justice will be served, and the decision will send a strong message to other big corporations that they must take data protection seriously or face the financial and reputational consequences.”

British Airways responds
In a statement sent to ITWeb, British Airways says:

“We continue to deny liability in respect of the claims brought arising out of the 2018 cyber attack and are vigorously defending the litigation. We do not recognise the damages figures that Your Lawyers has put forward, and they have not appeared in the claims.”