British Airways Pays £20M as it Settles Over 2018 Data Breach

Three years after the massive data breach which impacted approximately 420,000 people in 2018, British Airways has now agreed to pay its victims in a settlement amounting to £20 million (around $27.7 million). The decision was announced on Tuesday, July 6, 2021.

According to Reuters, the law firm Pogust, Goodhead, Mousinho, Bianchini, and Martins (PGMBM), the victims of the data security incident in 2018 would receive a confidential settlement. This unnamed settlement comes British Airways entered mediation with the said law firm.

Three years ago, the data breach involving the airlines saw the personal information of customers and staff of British Airways leaked and compromised. This vulnerable information includes the names of individuals, their respective addresses, and card payment details.

British Airways Pays Over 2018 Data Breach

Infosecurity Magazine said that the incident occurred between June 22 and September 5, 2018, after a threat actor gained unauthorized access to the airline’s application. The hacker reportedly used compromised credentials to enter the system.

As a result of the data breach, the staff and customers of British Airways have compromised their information. Infosecurity Magazine shared that the malicious threat actor used Magecart to skim the personal details of the victims.

Prior to the reduction to the £20 million fine, the Information Commissioner’s Office of the United Kingdom initially ordered British Airways to pay a massive £183 million (approximately $254 million). However, Bloomberg states that the Information Commissioner’s Office dropped the amount to £20 million following the financial impact of the coronavirus pandemic to the airline and travel industry.

In a statement, the chairman of the PGMBM law firm Harris Pogust said to Bloomberg in an email that “The pace at which we have been able to resolve this process with British Airways has been particularly encouraging and demonstrates how seriously the legal system is taking mass data incidents.”

Reuters mentioned that British Airways has expressed its happiness over finally having settled the class action lawsuit. A statement from the airline spokesperson said that the airline company has already “apologised to customers who may have been affected by this issue and are pleased we’ve been able to settle the group action.”

“When the issue arose we acted promptly to protect and inform our customers,” continued the spokesperson.

Besides representing the victims of the British Airways data breach, the Independent states that the PGMBM law firm is also representing claimants of EasyJet who also suffered a similar data security incident in May of 2020. Here, the news site reveals that around nine million passenger information have been compromised, including their names, email addresses, and travel information.