British Airways is facing a potential £800 million lawsuit over a 2018 data breach that exposed details of more than 400,000 of its customers.
More than 16,000 people have signed up to a plan to take action against the airline, in what lawyers behind the case described as Britain’s biggest group action personal data claim.
PGMBM, a London-based law firm, said that each of the 420,000 customers and staff whose information had been leaked could be entitled to £2,000 each in compensation.
BA is owned by International Consolidated Airlines Group, which also includes Iberia and Vueling, of Spain and Aer Lingus, the Irish airline.
In September 2018, BA revealed a breach in its systems that leaked names, debit and credit card numbers, addresses and email addresses. Some passengers were diverted to a fake website, which harvested their details. The Information Commissioner originally planned to fine BA £183 million for the breach, the largest penalty in the watchdog’s history, but this was cut to £20 million as the airline faced financial pressures during the pandemic.
Tom Goodhead, a partner at PGMBM, said: “British Airways passengers feel let down by what transpired. They are well within their rights to be compensated for what was previously a trusted airline playing fast and loose with their personal information, leaving it vulnerable for nefarious hackers to take advantage of.”
British Airways said: “We continue to vigorously defend the litigation in respect of the claims brought arising out of the 2018 cyberattack. We do not recognise the damages figures put forward and they have not appeared in the claims.”