Septu comment:  “And now the serious money… 565,000 British Airways customers had personal information exposed during two separate data breaches in 2018. The #GDPR fine was dropped by the Information Commissioner’s Office from a threatened £183m (£324/customer) to £20m (£35/customer) – partly due to COVID. Now the company faces a Group Litigation Order (the British version of a Class Action), in which lawyers apparently reckon up to £6,000 per customer could be claimed.”

The UK’s flag-carrier airline is planning to begin settlement discussions that could see customers who became the victims of a data breach receive a compensation payout of up to £3bn.

British Airways customers were impacted by two data breaches in 2018. Between April and July 2018, some 185,000 British Airways reward-booking customers were notified that their personal information and financial details had been compromised, while a further 380,000 users of the airline’s app and website had their information exposed between August and September 2018.

Data compromised in the breaches included customer names, billing addresses, and email addresses. Payment card information, including card numbers, expiry dates, and—in tens of thousands of cases—the CVV security code, was also exposed. No passport details were stolen.

In July 2019, the Information Commissioner’s Office (ICO) issued a notice of intention to impose on the airline a record GDPR fine £183m over the breach. However, this penalty was reduced drastically to a £20m fine in October 2020.

According to a statement released today by consumer action law firm Your Lawyers, British Airways has voiced its intention to kick off settlement discussions in the first quarter of 2021.

In 2019, Your Lawyers was appointed to the Steering Committee responsible for the overall conduct of the BA data breach litigation. The firm described the airline’s plans to begin settlement discussions as an admission of culpability for the breach and an effort to avoid the burden of litigation.

“News that British Airways wants to settle compensation claims, with negotiations set to take place in the first quarter of 2021, is acknowledgement of its wrongdoing in failing to protect customer data,” said Aman Johal, director at Your Lawyers.

“This is incredibly positive news for the victims of the breach and for consumer rights in general, but people must act fast to avoid missing out.”

The deadline to join the Group Litigation Order (GLO) falls on March 19, 2021. Your Lawyers believes that affected customers could each potentially receive an average of £6,000 in compensation. Financial losses arising from the breach could also be claimed.

From: Infosecurity Magazine