British Airways settles lawsuit over data breach which hit 420,000 people
The airline does not admit liability as part of the settlement and details of payouts will remain confidential.
Your support helps us to tell the story
From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.
At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.
The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.
Your support makes all the difference.British Airways has settled a legal claim over a major data breach that affected 420,000 customers and staff.
The breach in 2018 included the leaking of names, addresses and card payment details and led to the Information Commissioner’s Office (ICO) handing out its largest ever fine at £20 million.
Law firm Pogust, Goodhead, Mousinho, Bianchini and Martins (PGMBM) said the settlement was reached following mediation with BA and the terms are confidential.
Previously, lawyers said the lawsuit was the largest group action over a data breach in British legal history, with 16,000 claimants when filed in April last year.
The deal struck will see claimants paid out and the airline said it has directly apologised to those involved.
Harris Pogust, chairman of PGMBM, said: “We are very pleased to have come to a resolution on this matter after constructive mediation with British Airways. This represents an extremely positive and timely solution for those affected by the data incident.
“The Information Commissioner’s Office laid out how BA did not take adequate measures to keep its passengers’ personal and financial information secure. However, this did not provide redress to those affected. This settlement now addresses that.”
A BA spokesperson said: “We apologised to customers who may have been affected by this issue and are pleased we’ve been able to settle the group action.
“When the issue arose we acted promptly to protect and inform our customers.”
The ICO initially threatened to fine BA £183 million for the breach under GDPR rules, but this was reduced to £20 million due to the airline pointing out it was in financial difficulty due to the Covid-19 pandemic.
PGMBM is also representing a growing number of claimants in a case relating to a similar data breach of EasyJet data revealed in May 2020, which saw nine million passengers’ data exposed, including names, email addresses and travel information.
Mr Pogust added: “The pace at which we have been able to resolve this process with British Airways has been particularly encouraging and demonstrates how seriously the legal system is taking mass data incidents.
“This is a very positive sign as we look ahead to what will be an even bigger case against EasyJet relating to their 2020 data breach, as well as other similar international actions.”