Maximise your Avios, air miles and hotel points

The lawsuit against British Airways for the 2018 data breach is proceeding – should you join?

Links on Head for Points may support the site by paying a commission.  See here for all partner links.

If you were impacted by the British Airways data breach in 2018, things are starting to get interesting.

Between June and 5th September 2018, the data of people making a transaction at or BA Holidays was compromised and passed to an unknown third party.

BA originally stated that the following data was shared:

  • email address
  • postal address
  • credit card number
  • expiration data
  • CVV

….. but this was later found to also include log in and travel booking details as well name and address information.

Passport and frequent flyer data was not compromised as that is not transmitted during the payment process.

500,000 people were impacted by the breach.  If you were included, you will have received various emails from British Airways at the time.

The Information Commissioner’s Office (ICO) was not impressed.  In July 2019 it proposed a fine of £183 million.  This was eventually reduced to £20 million, primarily because of the impact of covid on the airline, although it was made very clear that BA had acted illegally in its treatment of passenger data.

The £20m did not go to impacted customers.  It was divided up between the various European data authorities, with the UK share going directly to the Treasury.

But you can now make your own claim ….

In October 2019, Mr Justice Warby gave permission for a passenger-led case to proceed.  For 18 months now, various groups of lawyers have been planning a group litigation order.

As you may have seen from TV advertising over recent weeks, there is now a final push to get impacted flyers to sign up.

Interestingly, not many people have signed up.  Back in late 2019, when the group litigation order was granted, the largest litigation group had signed up just 5,000 people.  Press reports this week suggest that the total number of people now involved is just 16,000.

Given that Head for Points has around 50,000 readers on an average day, if you include our email readers, and is visited from over 350,000 unique devices per month, the law firms haven’t made much impact.  We could probably have got together a group of 16,000 people ourselves.

Many readers have asked us for guidance

We have receive a substantial number of emails in recent days, since the TV advertising began, asking for our opinion.

Back in October 2019 we said that we would do some digging into the various options and report back.

What happened next, of course, was covid and a financial disaster for the airline industry.

As regular readers will know, British Airways has made over 10,000 redundancies in recent months.  The requirement for covid tests for all flyers coming to the UK from tomorrow, plus the current restrictions, are causing it additional problems.  Any large fine against the airline will only weaken its financial position further and lead to more redundancies.

The group litigation is also – let’s be clear – primarily there to line the pockets of the lawyers.  35% of any money you receive will go to them.

There are some spurious numbers being thrown around at the moment about the compensation you may receive.  One oft-quoted number, put around by the lawyers, is a £3 billion total pot.  Given that this is bigger than the fine Boeing paid for the 737 MAX crashes or indeed BP paid for the Deepwater Horizon oil disaster, this is clearly not happening.

At best, it may work out at a couple of hundred pounds per claimant, less 35% for the lawyers.

That said, this will be a landmark case for UK law as it is likely to be the first major case involving a group litigation order.  No-one knows how it will go and the result will impact many future cases.

What do we recommend you do?

Head for Points has misgivings about encouraging readers to join a process.  It will enrich the lawyers at the expense of a struggling airline and its employees, with claimants receiving a relatively nominal sum in their pockets.

For this reason, we will not be recommending any particular legal group to join.

We are not saying that you shouldn’t join the action if you are entitled to – this is clearly up to you – but it isn’t something that we are comfortable promoting given the current state of the airline industry.

I should flag that the Financial Times reported yesterday that:

“BA indicated it was prepared to settle claims in a letter filed with the court last week and seen by the Financial Times.”

In response, however, one of the law firms involved emailed participants to say:

“We can confirm that, to the best of our knowledge, [the FT article] is factually inaccurate.”

Assuming this is correct, it is not clear if a) the lawyers will accept the settlement and b) whether others will be allowed to join the settlement if BA agrees a sum.  It is also not clear if the sum would be fixed – so your payout is reduced if more people join – or per person, uncapped.  However it works out, it does imply that your chances of receiving something are better than zero.

I spoke to a senior legal friend – and HfP reader – and he believes that BA will lose the case.  The only question is whether the court decides that claimants need to prove direct financial loss before they can receive a payment.

How to earn Avios from UK credit cards

How to earn Avios from UK credit cards (April 2024)

As a reminder, there are various ways of earning Avios points from UK credit cards.  Many cards also have generous sign-up bonuses!

In February 2022, Barclaycard launched two exciting new Barclaycard Avios Mastercard cards with a bonus of up to 25,000 Avios. You can apply here.

You qualify for the bonus on these cards even if you have a British Airways American Express card:

Barclaycard Avios Plus card

Barclaycard Avios Plus Mastercard

Get 25,000 Avios for signing up and an upgrade voucher at £10,000 Read our full review

Barclaycard Avios card

Barclaycard Avios Mastercard

5,000 Avios for signing up and an upgrade voucher at £20,000 Read our full review

There are two official British Airways American Express cards with attractive sign-up bonuses:

British Airways American Express Premium Plus

25,000 Avios and the famous annual 2-4-1 voucher Read our full review

British Airways American Express

5,000 Avios for signing up and an Economy 2-4-1 voucher for spending £15,000 Read our full review

You can also get generous sign-up bonuses by applying for American Express cards which earn Membership Rewards points. These points convert at 1:1 into Avios.

American Express Preferred Rewards Gold

Your best beginner’s card – 20,000 points, FREE for a year & four airport lounge passes Read our full review

The Platinum Card from American Express

40,000 bonus points and a huge range of valuable benefits – for a fee Read our full review

Run your own business?

We recommend Capital on Tap for limited companies. You earn 1 Avios per £1 which is impressive for a Visa card, along with a sign-up bonus worth 10,500 Avios.

Capital on Tap Business Rewards Visa

Huge 30,000 points bonus until 12th May 2024 Read our full review

You should also consider the British Airways Accelerating Business credit card. This is open to sole traders as well as limited companies and has a 30,000 Avios sign-up bonus.

British Airways Accelerating Business American Express

30,000 Avios sign-up bonus – plus annual bonuses of up to 30,000 Avios Read our full review

There are also generous bonuses on the two American Express Business cards, with the points converting at 1:1 into Avios. These cards are open to sole traders as well as limited companies.

American Express Business Platinum

40,000 points sign-up bonus and an annual £200 Amex Travel credit Read our full review

American Express Business Gold

20,000 points sign-up bonus and FREE for a year Read our full review

Click here to read our detailed summary of all UK credit cards which earn Avios. This includes both personal and small business cards.

Comments (170)

This article is closed to new comments. Feel free to ask your question in the HfP forums.

  • Hardy says:

    I was affected by the data breach. Got an email from BA too. The Amx I used for the booking, was used only on BA (never used it on anything else). 2 months later Amex called to say they had stopped two payments from South America as they were flagged. Turned out someone was using the card that was used on the BA booking.
    Question, which legal agency did people sign up with? Yourlawyers or PGMBM or whatever they are called
    I will claim

    • Urty says:

      I signed up with PGMBM only because I saw it mentioned on another article.

      • Hardy says:

        Thanks. They have tons of scary terms and conditions. I suspect it was all ok no win no fees

  • RussellH says:

    A few impolite comments about some lawyers here.
    I can assure you that compared with the language used by the lawyers that I know, when they talk about these lawyers, is pretty tame.

  • Adam says:

    Good piece … I’m affected and not joining the action. Amex managed the risks well

  • Alex says:

    Thanks for the article. But, for the record:

    BP paid around $63.4 billion by the end of September 2018 to cover clean-up costs and legal fees linked to the largest environmental disaster in U.S. history

  • Kurt says:

    The T&Cs from the law firm are quite interesting….. probably fine, but nonetheless offputting: General Terms
    If any of the following events occur, you will be in breach of the Agreement with the effect that you will be liable for,
    and we will seek payment of, our hourly rate, VAT and disbursements as set out in this agreement:
    a. You fail to co-operate with us.
    b. You fail to follow our advice.
    c. You fail to attend any appointment or court hearing which we request you to attend.
    d. You fail to give us necessary instructions when we ask for them, or you fail to give us instructions that allow us
    to do our work properly.
    e. You withdraw instructions from us.
    f. You reject our legal advice about making a settlement with your opponent.
    g. You ask us to work in an improper or unreasonable way.
    h. You mislead us or any party involved in your claim (including any expert instructed in the matter).
    i. You are dishonest or exaggerate your claim

  • Tim says:

    The attempt at emotional blackmail (don’t join cos you will force BA to make more staff redundant) is daft. If BA goes under, then other airlines will fill the gaps and will expand by taking on a similar number of staff.

    I look at it this way. If BA thought they could screw some cash out of, let’s say, Boeing by suing them, it would not hesitate for a moment, certainly not out of some misplaced concern for them.

  • GaryC says:

    I have some sympathy for BA here. Doing InfoSec well is *hard*, and BA could have spent their whole operating budget on it, and still been hacked. Witness the recent SolarWinds hack. Yes, BA probably could/should have spent more, but I would assert that applies to the firms everyone joining this class action works for too.

    I think BA could quite justifiably close down exec club accounts – “In light of your recent law suit it’s quite clear that we are unable to serve you in the manner you require and as a result we have made the decision to…”.

    • Dwb1873 says:

      Did you the ICO report? They weren’t doing it even close to well, nor did it seem actually trying.

      Inconsistent and poor controls, poor environment mapping, limited monitoring – then tried multiple legal angles to say the ICO was incompetent.

      I’m not joining this action, but BA IMO were not treated harshly by the ICO.

      • James says:

        The ICO is fairly scathing. Among the information security failures are some that I wouldn’t expect a small family run business to make, let alone a high profile global airline that must be a potential target of terrorist attacks and which one might expect to have a sophisticated CISO and a robust, holistic approach to information security. Aside from the concerns about their disregard for customer information, it gives me pause for thought about their concern for passengers more generally.

  • Justin says:

    There is a thread on BT with similar thoughts, although not quite as heated as this. BA just haven’t learned the lesson on IT their systems are just as bad as they have ever been, so is my data safe with them now?

    Rob you are right that the compensation and the potential costs to BA are probably out of sync with what it has “cost” those affected, but they have not offered anything by way of compensation to the customers affected including myself. What value can I put on not having a credit card for 5 days while AMEX sent a replacement, plus the loss of Avios on my spending… they offered access to my credit file for free, which anyone can get from Experian at any point in time. Not even a derisory cache of Avios, discount on next booking or GOGW.

    Until BA are properly punished then they will not learn their lessons about cutting corners, be that people no longer booking F/J due to lack of hot food, or people claiming for this data breach.

This article is closed to new comments. Feel free to ask your question in the HfP forums.

The UK's biggest frequent flyer website uses cookies, which you can block via your browser settings. Continuing implies your consent to this policy. Our privacy policy is here.