British Airways has agreed to settle the lawsuit that was heading towards the courts on the back of the 2018 data breach.
If you signed up for the class action lawsuit, a modest financial sum (the current amount is unclear) will be heading your way soon.
Can everyone else impacted claim the same amount of money? I took some unofficial legal advice on your behalf.
What is the background to the BA data breach?
Between June and 5th September 2018, the data of people making a transaction at ba.com or BA Holidays was compromised and passed to an unknown third party.
BA originally stated that the following data was shared:
- email address
- postal address
- credit card number
- expiration data
….. but this was later found to also include log in and travel booking details as well name and address information.
Passport and frequent flyer data was not compromised as that is not transmitted during the payment process.
500,000 people were impacted by the breach. If you were included, you will have received various emails from British Airways at the time.
The Information Commissioner’s Office (ICO) was not impressed. In July 2019 it proposed a fine of £183 million. See the ICO’s statement here. This was eventually reduced to £20 million, primarily because of the impact of covid on the airline, although it was made very clear that BA had acted illegally in its treatment of passenger data.
The £20m did not go to impacted customers. It was divided up between the various European data authorities, with the UK share going directly to the Treasury.
What happened with the lawsuit?
In October 2019, Mr Justice Warby gave permission for a passenger-led case to proceed via a group litigation order. This is a new form of legal process which works along the lines of the class action lawsuits seen in the United States.
Enthusiasm to join the suit was muted. Only 16,000 people had signed up by January 2021 after 18 months of efforts, representing just 3% of those impacted.
What does the British Airways settlement meant?
There was a report in the Financial Times in January which said that British Airways had agreed to settle, although this was denied by the lawyers behind the group litigation order. The story does appear to have been correct, however.
The following letter was circulated yesterday by one of the legal groups involved in the case:
RE: Your British Airways Data Breach Claim (the “Data Claim”)
Following PGMBM (formerly SPG Law)’s engagement to represent you in relation to this claim, we are delighted to confirm that on 5 July, British Airways (“BA”) agreed to settle the group claim brought by this firm and others, on your (and other claimants’) behalf.
The settlement has been reached with no admission as to liability. This means that BA does not admit that it has breached the law or its duty to you for the data breach in question – but BA has decided to pay a financial settlement now, rather than have to continue to defend the matter further through the Courts.
We will write to you individually, with confirmation and an explanation of, the compensation amount due to be paid to you, via our authorised payment agents, Shieldpay. However, under the terms of the settlement that has been reached with BA you must keep all information about it – including the amount paid to you – strictly confidential, or BA may be entitled to take legal action against you.
There is no indication as to what the sum involved may be.
How does this impact the other 485,000 people hit by the data breach?
I spoke to a senior legal figure – who happens to be a friend of mine as well – last night. To paraphrase his thoughts, and he admits that he is not a specialist in this area of law:
- British Airways is unlikely to be obliged to offer a settlement to the other 485,000 people impacted by the breach
- However, it will be very difficult for British Airways to defend itself against future claims. It would be logical for more suits to emerge, on the basis that it will be easy to sign up defendants now that the presumed eventual settlement amount will be known.
- There is little logic in BA failing to admit that it broke the law over the breach given that the ICO has already found British Airways culpable and has issued a fine as punishment.
We need to see how this turns out.
Please do not tell us what your settlement is
If you are involved in the data breach, please do not email me from your personal email account with details of the settlement when it is known to you.
If we choose to publish the information, it is possible that British Airways will seek an injunction to make us hand over the names of the people who supplied us with the data.
No-one on the Head for Points team took part in the group litigation order, so we are not bound by the settlement agreement. However, my legal friend tells me that HfP may be in contempt of court if it does publish the settlement figure, if the out of court settlement is legally ratified. Let’s see how we go.
How to earn Avios from UK credit cards (August 2021)
As a reminder, there are various ways of earning Avios from UK credit cards. Many cards also have generous sign-up bonuses!
There are two official British Airways American Express cards:
You can also get generous sign-up bonuses by applying for American Express cards which earn Membership Rewards points, such as:
We also recommend Capital On Tap for limited companies. You earn 1 Avios per £1 which is impressive for a Visa card:
Click here to read our detailed summary of all UK credit cards which earn Avios. This includes both personal and small business cards.
(Want to earn more Avios? Click here to visit our home page for our latest articles on earning and spending your Avios points and click here to see how to earn more Avios this month from offers and promotions.)