British Airways settles lawsuit over major data breach after personal data of 420,000 staff and customers was leaked
British Airways has settled a legal claim after the personal data of 420,000 customers and staff was leaked.
The major data breach in 2018 included the leaking of names, addresses and card payment details and led to the Information Commissioner's Office handing out its largest ever fine at £20 million.
Law firm Pogust, Goodhead, Mousinho, Bianchini and Martins said the terms of the settlement were confidential and the deal was reached following mediation with BA.
Previously, lawyers said the lawsuit was the largest group action over a data breach in British legal history, with 16,000 claimants when filed in April last year.
British Airways has settled a legal claim after the personal data of 420,000 customers and staff was leaked in a major data breach in 2018
The deal struck will see claimants paid out and the airline said it has directly apologised to those involved.
Harris Pogust, chairman of PGMBM, said: 'We are very pleased to have come to a resolution on this matter after constructive mediation with British Airways.
'This represents an extremely positive and timely solution for those affected by the data incident.
'The Information Commissioner's Office laid out how BA did not take adequate measures to keep its passengers' personal and financial information secure. However, this did not provide redress to those affected. This settlement now addresses that.'
A BA spokesperson said: 'We apologised to customers who may have been affected by this issue and are pleased we've been able to settle the group action.
'When the issue arose we acted promptly to protect and inform our customers.'
The ICO initially threatened to fine BA £183 million for the breach under GDPR rules, but this was reduced to £20 million due to the airline pointing out it was in financial difficulty due to the Covid-19 pandemic.
The airline apologised to customers who may have been affected and said when the issue arose they 'acted promptly to protect and inform customers'
PGMBM is also representing a growing number of claimants in a case relating to a similar data breach of EasyJet data revealed in May 2020, which saw nine million passengers' data exposed, including names, email addresses and travel information.
Mr Pogust added: 'The pace at which we have been able to resolve this process with British Airways has been particularly encouraging and demonstrates how seriously the legal system is taking mass data incidents.
'This is a very positive sign as we look ahead to what will be an even bigger case against EasyJet relating to their 2020 data breach, as well as other similar international actions.'