Airline Faces £800m Penalty For Customer Data Breach
British Airways (BA) has to deal with claims from a 2018 data breach which could cost more than £800 million. Over 400,000 customers had their bank credit cards and personal data stolen from BA’s website. Usernames and passwords of BA employee and administrator accounts, as well as usernames and PINs of up to 612 BA Executive Club accounts, were also potentially accessed. Some passengers were diverted to a fake website, which harvested their details.
A recent High Court ruling means that customers can claim compensation against the airline, and over 16,000 have started the process. If successful, the compensation would likely be around £2,000 per claimant, meaning that if all the people affected claim, the total penalty would be £800 million.
The UK Information Commissioner (ICO) originally planned to fine BA £183 million for the breach, the largest penalty in the watchdog’s history. This was later reduced to £20 million as the airline faced serious financial pressures during the Covid-19 pandemic. The ICO said that BA could have taken measures to reduce the risk, such as the testing of its cyber-defenders.
In a statement the airline said: "We continue to vigorously defend the litigation in respect of the claims brought arising out of the 2018 cyber-attack... We do not recognise the damages figures put forward, and they have not appeared in the claims." It is understood that BA has considerably improved its cyber security since the attack.
The BA case is the first group lawsuit of its kind to be brought under GDPR data protection rules introduced in 2018. The £800m claim would be the largest group action personal data claim in UK history if all of the 400,000 people affected join the claim.
These events are a salutary reminder to all customer-facing businesses that, with the advent of GDPR and other more stringent data protection regulations, they cannot afford to be complacent.