Call us today0800 160 1298

Advantage Litigation

Welcome to Advantage Litigation Services. We provide affordable access to commercial litigation.

  • Home
    Home This is where you can find all the blog posts throughout the site.
  • Categories
    Categories Displays a list of categories from this blog.
  • Tags
    Tags Displays a list of tags that have been used in the blog.
  • Bloggers
    Bloggers Search for your favorite blogger from this site.
  • Team Blogs
    Team Blogs Find your favorite team blogs here.
  • Login
    Login Login form

What is Behind the British Airways Data Breach Group Action Claim?

Posted by on in Uncategorized
  • Font size: Larger Smaller
  • Hits: 624
  • Subscribe to this entry
  • Print

With a number of UK law firms lining up to bring a group-action claim against British Airways, litigation professionals estimate that a successful claim could cost the flag carrier and self-styled ‘Worlds Favourite Airline’ over £2.2bn for a data breach in 2018 that affected over 400,000 passengers.

Data Breach

Back in the summer of 2018, hackers accessed the personal data of around 430,000 BA customers and passengers, with over half having sensitive personal and financial details stolen. The affected customers had bought flights on via the website, through the British Airways app or with Avios, BA’s frequent-flyer scheme.

The stolen data included passenger names, travel plans, billing address, email address and payment card details – including the three-digit security code (“card verification value,” or CVV) from the back of the card. Many on the stolen lists had their debit and credit card numbers stolen, with almost one in five also having their CVV hacked too. The Information Commissioner’s Office (ICO), who have stated that the cyber attack was not spotted for over 2 months, reported:

Usernames and passwords of BA employee and administrator accounts as well as usernames and PINs of up to 612 BA Executive Club accounts were also potentially accessed."

At the time of the data breach, the airline told those whose data was at risk that:

We are very sorry that this criminal activity has occurred. We’ll reimburse our customers who have suffered financial losses as a direct result of the theft of their payment card details…as a precaution we recommend you contact your bank or card provider and follow their advice.”

The airline also offered free credit and identity monitoring services. However, BA later said no evidence had emerged of fraudulent activity relating to the hack.

Old Technology

Along with a number of large, well-established businesses, airlines tend to have “legacy” reservation systems that have their origins deep in the 20th century. While they have been continually updated, the structure is not as robust and defensible as newer IT systems. Many other airlines have been affected by data breaches, including the giant US airline, Delta, and Cathay Pacific of Hong Kong. In the latter case, the personal data of over 9m customers were accessed.

The ICO said the hack in part involved customers being diverted to a fraudulent site, Its investigation found the airline was processing a significant amount of personal data “without adequate security measures in place”, with investigators concluding that “This failure broke data protection law”.

Initially it appeared that BA faced a fine of £183m under the Data Protection Act, representing 1.5 per cent of BA’s global turnover in 2017. At the time it was the largest proposed penalty under new data regulations. The airline and its parent company, IAG, announced an appeal, and British Airways itself has already paid a £20m penalty.

Civil Litigation Action

Besides the ICO fine, British Airways also faces civil action. Solicitors and law firms are actively marketing for claimants who say they incurred damages as a result of the hack. PGMBM, a sub-brand of Excello Law and the lead solicitors in the group action, estimates claimants could get an average £2,000, with a total bill for BA of £800m. The firm has an online claim form in which applicants answer a string of questions, including: "Upon finding out that your personal information had been breached, did you experience any type of emotional distress? Anger, Annoyance, Anxiety, Frustration, Shock, Stress, Upset.”

The total compensation cost for BA could be even higher though; Solicitors Your Lawyers has estimated a potential total compensation pot of £2.4bn on the basis of an average payout of £6,000 per person, adding that “In cases where a psychological injury is extreme, victims of the hack could receive up to £16,000 each."

The group action claim seeks damages for financial loss, including bank charges and fraud; and “distress and inconvenience” including from having to “change credit cards and change passwords to various online accounts.” It also says some claimants have been targeted by scam emails and may have seen their creditworthiness impacted. A judge will now need to determine whether the BA is liable to the claimants, or any of them, for potential damages for the breach and, if so, who exactly is entitled to what.

BA insists it does not recognise these figures.

Commercial Litigation Funding

If you are thinking about taking legal action against another individual or company but are worried about the costs involved, Advantage Litigation Services have the skills and expertise to help you find a way of funding commercial litigation without risking your personal finances or those of your business. Click here to contact us today or call 0800 160 1298 to see how we can help.

Get in touch

  1. Your Name(*)
    Please let us know your name.
  2. Your Email(*)
    Please let us know your email address.
  3. Company Name(*)
    Please write a subject for your message.
  4. Your Phone Number
    Invalid Input
  5. Message(*)
    Please let us know your message.
  6. Anti-Spam, please enter the characters shown
    Anti-Spam, please enter the characters shown
    Invalid Input

Latest News

  • Following recent Supreme Court rulings in two professional negligence cases, the Court has outlined a “wholly new legal roadmap” for professional negligence claims made in England and Wales. As a result, the Professional Negligence Lawyers Association (PNLA) have said that existing claims will now need to be reviewed, stating that “for many there could be a substantial impact on the likely chances of success and the assessment of financial loss”.The cases in question are Khan v Meadows [2021] and Manchester Building Society v Grant Thornton UK LLP [2021]. The first case centred on whether a medical expert, who failed to diagnose that a mother carried the haemophilia gene, was liable for the costs associated with her son’s autism as well as his haemophilia, whilst the second case concerned whether accountants Grant Thornton were liable for the costs of a building society... Read More

  • A recently failed business claim that was dismissed at court has once again highlighted the many pitfalls and legal complexities facing litigants in person (LIPs – that is, individuals taking legal action without professional representation from a solicitor or barrister). The claim in question - Daly & Anr v Ryan & Anr. 2021 - concerned an individual businessman who had a costly judgment entered against him simply because he had repeatedly failed to abide by the rules. Read More

  • Latest statistics from the Solicitors Regulation Authority (SRA), who are responsible for the regulation of solicitors and law firms in England and Wales, confirm what many in the profession have been predicting for a while; that law firms are accelerating the consolidation process as they begin to embrace new ways of working. Read More