British Airways settles with victims of 2018 data breach

British Airways has reached a settlement with thousands of claimants over a massive breach of customer data back in 2018, it was announced this morning.

On 7 September 2018 the flag carrier revealed that the names, debit and credit card numbers, addresses and email addresses of over 420,000 people had been accessed in a security breach.

Earlier this year, it was reported that 16,000 people were seeking compensation for the incident, the largest opt-in group action for a data breach in UK history.

At the time, it was estimated that each claimant could be in line for £2,000 in compensation.

This morning, law firm PGMBM announced that the case had been settled on confidential terms.

Harris Pogust, chairman of PGMBM, said: “We are very pleased to have come to a resolution on this matter after constructive mediation with British Airways. This represents an extremely positive and timely solution for those affected by the data incident.

“The Information Commissioner’s Office laid out how BA did not take adequate measures to keep its passengers’ personal and financial information secure. However, this did not provide redress to those affected. This settlement now addresses that.”

BA had also been on the receiving end of a record fine from the Information Commissioner’s Office (ICO) for the breach.

Having initially fined the carrier £183m, the ICO reduced the charge to £20m in October due to the impact of coronavirus on the carrier’s finances.

In a statement, BA said: “We apologised to customers who may have been affected by this issue and are pleased we’ve been able to settle the group action. When the issue arose we acted promptly to protect and inform our customers.”