Call us today0800 160 1298

Advantage Litigation

Welcome to Advantage Litigation Services. We provide affordable access to commercial litigation.

  • Home
    Home This is where you can find all the blog posts throughout the site.
  • Categories
    Categories Displays a list of categories from this blog.
  • Tags
    Tags Displays a list of tags that have been used in the blog.
  • Bloggers
    Bloggers Search for your favorite blogger from this site.
  • Team Blogs
    Team Blogs Find your favorite team blogs here.
  • Login
    Login Login form

What is Behind the British Airways Data Breach Group Action Claim?

Posted by on in Uncategorized
  • Font size: Larger Smaller
  • Hits: 259
  • Subscribe to this entry
  • Print

With a number of UK law firms lining up to bring a group-action claim against British Airways, litigation professionals estimate that a successful claim could cost the flag carrier and self-styled ‘Worlds Favourite Airline’ over £2.2bn for a data breach in 2018 that affected over 400,000 passengers.

Data Breach

Back in the summer of 2018, hackers accessed the personal data of around 430,000 BA customers and passengers, with over half having sensitive personal and financial details stolen. The affected customers had bought flights on via the website, through the British Airways app or with Avios, BA’s frequent-flyer scheme.

The stolen data included passenger names, travel plans, billing address, email address and payment card details – including the three-digit security code (“card verification value,” or CVV) from the back of the card. Many on the stolen lists had their debit and credit card numbers stolen, with almost one in five also having their CVV hacked too. The Information Commissioner’s Office (ICO), who have stated that the cyber attack was not spotted for over 2 months, reported:

Usernames and passwords of BA employee and administrator accounts as well as usernames and PINs of up to 612 BA Executive Club accounts were also potentially accessed."

At the time of the data breach, the airline told those whose data was at risk that:

We are very sorry that this criminal activity has occurred. We’ll reimburse our customers who have suffered financial losses as a direct result of the theft of their payment card details…as a precaution we recommend you contact your bank or card provider and follow their advice.”

The airline also offered free credit and identity monitoring services. However, BA later said no evidence had emerged of fraudulent activity relating to the hack.

Old Technology

Along with a number of large, well-established businesses, airlines tend to have “legacy” reservation systems that have their origins deep in the 20th century. While they have been continually updated, the structure is not as robust and defensible as newer IT systems. Many other airlines have been affected by data breaches, including the giant US airline, Delta, and Cathay Pacific of Hong Kong. In the latter case, the personal data of over 9m customers were accessed.

The ICO said the hack in part involved customers being diverted to a fraudulent site, Its investigation found the airline was processing a significant amount of personal data “without adequate security measures in place”, with investigators concluding that “This failure broke data protection law”.

Initially it appeared that BA faced a fine of £183m under the Data Protection Act, representing 1.5 per cent of BA’s global turnover in 2017. At the time it was the largest proposed penalty under new data regulations. The airline and its parent company, IAG, announced an appeal, and British Airways itself has already paid a £20m penalty.

Civil Litigation Action

Besides the ICO fine, British Airways also faces civil action. Solicitors and law firms are actively marketing for claimants who say they incurred damages as a result of the hack. PGMBM, a sub-brand of Excello Law and the lead solicitors in the group action, estimates claimants could get an average £2,000, with a total bill for BA of £800m. The firm has an online claim form in which applicants answer a string of questions, including: "Upon finding out that your personal information had been breached, did you experience any type of emotional distress? Anger, Annoyance, Anxiety, Frustration, Shock, Stress, Upset.”

The total compensation cost for BA could be even higher though; Solicitors Your Lawyers has estimated a potential total compensation pot of £2.4bn on the basis of an average payout of £6,000 per person, adding that “In cases where a psychological injury is extreme, victims of the hack could receive up to £16,000 each."

The group action claim seeks damages for financial loss, including bank charges and fraud; and “distress and inconvenience” including from having to “change credit cards and change passwords to various online accounts.” It also says some claimants have been targeted by scam emails and may have seen their creditworthiness impacted. A judge will now need to determine whether the BA is liable to the claimants, or any of them, for potential damages for the breach and, if so, who exactly is entitled to what.

BA insists it does not recognise these figures.

Commercial Litigation Funding

If you are thinking about taking legal action against another individual or company but are worried about the costs involved, Advantage Litigation Services have the skills and expertise to help you find a way of funding commercial litigation without risking your personal finances or those of your business. Click here to contact us today or call 0800 160 1298 to see how we can help.

Get in touch

  1. Your Name(*)
    Please let us know your name.
  2. Your Email(*)
    Please let us know your email address.
  3. Company Name(*)
    Please write a subject for your message.
  4. Your Phone Number
    Invalid Input
  5. Message(*)
    Please let us know your message.
  6. Anti-Spam, please enter the characters shown
    Anti-Spam, please enter the characters shown
    Invalid Input

Latest News

  • Whilst Covid-19 may have forced many parts of society to slow down and re-think our approach to all aspects of our lives, recent comments by a number of High Court judges would seem to indicate that this is certainly not happening in civil and commercial litigation. The 3 judges have expressed their disquiet over the ever increasing pervasiveness of hostile and antagonistic approaches to litigation where every point, good or bad, is taken. In the case of Navigator Equities Ltd & Ors v Deripaska from July this year, Mr Justice Andrew Baker said that, in the 30 years in which he had worked in commercial dispute resolution: There has been a significant general increase in hostility and aggressiveness in the conduct of disputes…the taking of any and every point, good or bad, and other failures to display proper independence from the litigating... Read More

  • The UK’s largest ever group action litigation action, ostensibly valued at almost £5bn, has been thrown out by the High Court in London with the case having been found to be an abuse of process. The case, Municipio De Mariana & Ors v BHP Group Plc & Anor, involved tens of thousands of Brazilian claimants followed the collapse of the Fundao dam in south eastern Brazil in 2015. The collapse killed 19 people and the subsequent flood wiped out many settlements and villages in its path.High Court judge Mr Justice Turner agreed with the defendants in the case after finding that the court could not handle such a disparate and unmanageable case involving so many claimants. The case was brought by PGMBM, a trading name of Excello Law Limited, on behalf of over 202,000 individual, corporate and institutional claimants against two... Read More

  • A recent ruling by the High Court in London will mean that unsuccessful claimants in the well-publicised Municipio De Mariana & Ors v BHP Group PLC & Anor group action claim will need to make an interim payment of £8m to cover 50% of their opponents legal costs. In making the ruling, High Court judge Mr Justice Turner said that it was wrong to penalise the defendants for the work done on the case. Justice Turner had already struck out group litigation on behalf of some 202,600 Brazilians last November who were claiming compensation following the collapse of the Fundao dam in Brazil in 2015, saying the task of managing such a case would be ‘irredeemably unmanageable’ if it was allowed to proceed. Read More