The UK's flag-carrier airline is said to be planning to begin settlement discussions that could see customers who became the victims of a data breach receive a compensation payout of up to £3bn.
British Airways customers were impacted by two data breaches in 2018. Between April and July 2018, some 185,000 British Airways reward-booking customers were notified that their personal information and financial details had been compromised, while a further 380,000 users of the airline’s app and website had their information exposed between August and September 2018.
Data compromised in the breaches included customer names, billing addresses, and email addresses. Payment card information, including card numbers, expiry dates, and—in tens of thousands of cases—the CVV security code, was also exposed. No passport details were stolen.
In July 2019, the Information Commissioner’s Office (ICO) issued a notice of intention to fine the airline a record £183m over the breach. However, this penalty was reduced drastically to a £20m fine in October 2020.
According to a statement released today by consumer action law firm Your Lawyers, British Airways has voiced its intention to kick off settlement discussions in the first quarter of 2021.
In 2019, Your Lawyers was appointed to the Steering Committee responsible for the overall conduct of the BA data breach litigation. The firm described the airline's plans to begin settlement discussions as an admission of culpability for the breach and an effort to avoid the burden of litigation.
“News that British Airways wants to settle compensation claims, with negotiations set to take place in the first quarter of 2021, is acknowledgement of its wrongdoing in failing to protect customer data," said Aman Johal, director at Your Lawyers.
“This is incredibly positive news for the victims of the breach and for consumer rights in general, but people must act fast to avoid missing out."
The deadline to join the Group Litigation Order (GLO) falls on March 19, 2021. Your Lawyers believes that affected customers could each potentially receive an average of £6,000 in compensation. Financial losses arising from the breach could also be claimed.
BA responded to Your Lawyers' claims with the following statement: "We continue to deny liability in respect of the claims brought arising out of the 2018 cyber attack and are vigorously defending the litigation. We do not recognize the damages figures that Your Lawyers has put forward, and they have not appeared in the claims."