Compensation Due for BA Hack Victims


Following on from last year’s British Airways cyber attack could be an even more costly measure for the airline giant, a movement by lawyers urging victims to claim a potential £2,000 compensation could provide financial strain for the business.

A Hefty Year

On September 27th 2018, British Airways revealed to its customers and staff that a serious data breach of its security infrastructure led to the theft of more than 420,000 customers and staff information from names, debit/credit card numbers and contact information such as addresses and emails in what is considered a data breach of unparalleled impact.

Due to British Airways failure to adhere to General Data Protection Regulation (GDPR) requirements to prevent this type of attack, the Information Commissioner’s Office (ICO) issued the airline with a notice of intention to fine towards the figure of £183 million for infringements.

The airline was relieved to have the fine revised by the ICO to the tune of £20 million following the impact of Covid-19 on the business and steps that BA took to address and correct the problem.

The Fallout

Due to the negligence on behalf of British Airways in providing adequate protection of customer’s personal details, the £20 million fine was deemed as the biggest fine issued by the ICO to date, which was a direct result of the stress and anxiety they had unwittingly put upon the thousands that were the victim of the breach.

By making an example of the airline, it was shown to businesses to what extent not taking adequate measures of how to protect data online can leave the business-facing and the overall importance of making better decisions in regards to data and security.

The Next Threat

Unfortunately, the fine of the ICO and the loss of data from the hack is only the beginning of the problems for British Airways, as law firm PGMBM has pushed a group litigation case on behalf of all of the victims.

As the ICO fine does not cover the victims (which is paid to the Treasury’s Consolidated Fund), the law firm is setting out to compensate those affected by BA negligence. Under Article 82 of the EU General Data Protection Regulation, the claim for compensation is valid for non-material damage for customers who had their data compromised. This compensation covers many areas including distress, inconvenience, annoyance and loss of control over their data.

The case is operated through a no win, no fee basis and open to anyone who received the email from British Airways in 2018 notifying them of the compromise of their details. Many of these emails may have ended up in the junk folders of many customers. However, it is not to the benefit of just the people who have had ill effects due to the breach, it has been opened to all customers who were notified. This could be a very trying time for the airline during one of the most turbulent periods in history for travel.