British Airways Data Breach Largest on Record


British Airways has settled a data breach claim involving 16,000 victims – making it the biggest data breach claim in the UK to date.

Group action claims such as this are not that common in the UK although we’re starting to see an increase with companies such as Google and TikTok recently coming under fire for how they use customers’ personal data.

If you’d like advice about claiming compensation for a data breach, get in touch with our Data Breach Solicitors for a free case assessment.

What Happened in the British Airways Data Breach?

The data breach happened back in 2018 and affected 420,000 British Airways (BA) customers and staff. Cybercriminals managed to hack BA’s systems and modified them to steal customers’ details as they were being inputted.

This included customers’:

  • Names
  • Addresses
  • Payment card details
  • Login details
  • Travel booking details

In response to this breach, the Information Commissioner’s Office (ICO) fined British Airways £20 million – the largest fine they’ve ever issued.

The amount of compensation given to affected customers has not been revealed but the chairman of the law company representing the victims said the deal was “an extremely positive and timely solution for those affected by the data incident.”

This isn’t the first time an airline has been caught in a group action data breach claim. EasyJet fell victim to a data breach last year when hackers accessed the personal data of 9 million customers, 2,200 of which got their credit card details stolen.

What are my rights under GDPR?

The General Data Protection Regulation (GDPR) forms part of the Data Protection Act 2018, which puts responsibility on organisations to handle personal data responsibly.

According to the ICO, under GDPR, individuals have:

  • The right to be informed
  • The right of access
  • The right to rectification
  • The right to erasure
  • The right to restrict processing
  • The right to data portability
  • The right to object
  • Rights in relationship to automated decision making and profiling

If an organisation breaches GDPR and puts your personal information at risk, they could face legal action.

Data Breach Claims We're Supporting With

What should I do if my Data has been Breached?

You can use our free data breach checker to see whether your data’s been breached. But it’s important to bear in mind that the effects of a data breach can take months or even years to show.

To make sure your data is as safe as possible, remember to:

  • Use strong passwords on any online accounts and change them regularly
  • Check your bank statements often and report any suspicious transactions with your bank provider straight away
  • Delete and block any emails or phone calls that look like a phishing/scam attempt and don’t click any links or attachments if you’re wary

Claiming Compensation for a Data Breach

If you’ve been told that your data has been breached, you could be entitled to compensation. Get in touch with our Data Breach Solicitors for a free case assessment and ask us if we can handle your claim on a No Win, No Fee basis.

Contact our Data Breach Solicitors For a Free Case Assessment

We're happy to help

Monday to Friday 8:30am-7:00pm

0808 239 9426

0808 239 9426

We're happy to call you

Simply click below to arrange the assessment

Request a Free Case Assessment

Contact us for a Free Data Breach Case Assessment

Enter the organisation who has exposed your data

This data will only be used by Simpson Millar in accordance with our Privacy Policy for processing your query and for no other purpose

Simpson Millar Solicitors are a national law firm with over 500 staff and offices in Billingham, Bristol, Cardiff, Catterick, Lancaster, Leeds, Liverpool, London and Manchester.