British Airways is facing the largest class action lawsuit against data protection in UK history over the breach of customer data in 2018.
More than 16,000 victims have now joined a case in which the airline is seeking compensation. According to PGMBM, the law firm representing applicants, they could claim £ 2,000 each.
“We trust companies like British Airways with our personal information and they have an obligation to all customers and the public to take all possible steps to ensure security,” said Tom Goodhead, partner at PGMBM, in an email. “In this case, they presided over a monumental failure.”
The BA, owned by the IAG, announced in September 2018 that a breach of its security systems had put the personal and financial data of more than 400,000 customers at risk. The airline was fined £ 20million by the UK’s data protection commissioner last year, a fraction of a much larger fine originally envisaged by the regulator.
The lawsuit was filed in 2018, with March 2021 deadline for additional victims. The applicants’ attorneys say BA’s total potential liability would be around £ 800m if every victim of the cyberattack were to join the motion.
The UK’s Information Commissioners’ Office said its investigation into the cyberattack revealed that “the airline processed a significant amount of personal data without proper security measures in place,” thereby unnecessarily disclosing people’s data. The fine is the ICO’s largest to date.
BA said in a statement sent via email that it continues to “vigorously defend the litigation regarding the claims arising from the 2018 cyber attack”.
She said she does not acknowledge the claims figures and they are not listed in the claims.
At a November case management hearing, BA told the court that Goodhead said there was an open option to initiate settlement discussions with applicants. However, they haven’t received any suggestions yet, he said.
The next hearing will take place in February.