BA Customers Can Sue Over Massive Data Breach
500,000 British Airways customers have been told they can bring compensation claims against the airline in the High Court, over a data breach that exposed their personal information, including addresses and bank details.
The UK’s Information Commissioners Office (ICO) immediately investigated after the airline reported the cyber attack in September last year.
According to the ICO's findings, 500,000 customers were affected, with personal details including payment data and addresses compromised by the hack. The hackers diverted passengers to a fake website where their details was harvested.
British Airways (BA) began contacting affected customers in 2018, but last week a judge, Mr Justice Warby, granted a group litigation order, paving the way for a mass legal action against BA.
Law firm, SPG Law is representing more than 5,000 customers, and a further 230 are beoing represented by Your Lawyers Limited, who are bringing claims for compensation. However, the potential number of claimants is much larger and the judge granted a window of 15 months for people to come forward and join the group litigation.
Aman Johal, director of Your Lawyers, said:
Today's grant of a group litigation order is a key step towards justice for the hundreds of thousands of victims of the British Airways data breach scandal.
Earlier this year the ICO announced its intention to impose a fine of at least £183million on the airline over the data breach. A spokesperson for the ICO said the proposed fine would be the largest it had handed out and the first to be made public since the GDPR came into force. The proposed fine represents 1.5 per cent of BA’s annual turnover.
The watchdog's investigation found that a variety of information was compromised due to “poor security arrangements”, including login, payment card and travel booking details, as well as customers' names and addresses.
In a statement after the fine was announced, Information Commissioner Elizabeth Denham said:
People's personal data is just that - personal. …When an organisation fails to protect it from loss, damage or theft it is more than an inconvenience. …That's why the law is clear - when you are entrusted with personal data you must look after it. … Those that don't will face scrutiny from my office to check they have taken appropriate steps to protect fundamental privacy rights.
BA’s chairman and chief executive, Alex Cruz, said at the time that the airline was “surprised and disappointed” in the ICO's initial finding.
British Airways responded quickly to a criminal act to steal customers' data. …We have found no evidence of fraud or fraudulent activity on accounts linked to the theft. …We apologise to our customers for any inconvenience this event caused.
How do I know if my details were hacked and what should I do next?
If you are a customer who was affected by the data breach then BA should have contacted you.
Customers who made a booking on BA.com or the BA app between August 21 2018 and September 5 2018 will be affected.
BA's response has been to reimburse those customers who have suffered “direct financial losses” and to offer “credit rate monitoring.”
However, customers have the right to compensation for non-material damage such as inconvenience and distress following the data leak.
Those affected could receive up to £16,000 for severe psychological injury with the average payout of £6,000 according to Your Lawyers for The Sun.
Most of the customers taking legal action are those who have suffered a financial loss.
It is advised to contact a law firm to join the legal action if it is approved by the High Court. Law firms will take on cases as part of a no win, no fee basis, so there are no costs to signing up.
Source: MSN News