British Airways has reached an out-of-court agreement to compensate some of the 420,000 people whose details were accessed when its systems were hacked in 2018.
The data breach affected both BA staff and customers, whose names, addressses and payment-card details were exposed.
Solicitors PGMBM, which launched a collective claim for around 16,000 of those affected in April last year, said today BA had agreed to pay an undisclosed sum to its clients.
However, the airline has not admitted any liability and it has not been revealed how many claimants will receive a pay-out or how much they will get.
The Information Commissioner’s Office fined BA £20m – its largest fine to date – for what it described as the airline’s ‘unacceptable’ failure to protect customers.
PGMBM welcomed today’s the settlement, which resolves the largest group litigation order relating to personal data in UK history to date.
The law firm’s Chairman Harry Pogust said: “We are very pleased to have come to a resolution on this matter after constructive mediation with British Airways.
“This represents an extremely positive and timely solution for those affected by the data incident.
“The Information Commissioner’s Office laid out how BA did not take adequate measures to keep its passengers’ personal and financial information secure. However, this did not provide redress to those affected. This settlement now addresses that.”
The no-win, no-fee legal firm said today’s announcement closes the group litigation brought on behalf of claimants under the EU General Data Protection Regulation (EU-GDPR), which sought compensation for non-material damage – inconvenience, distress, annoyance and loss of control of their personal data.
PGMBM is also representing growing numbers of claimants in a case relating to a similar data breach by easyJet data revealed in May 2020, which saw nine million passengers’ data exposed, including names, email addresses and travel information.
Mr Pogust added: “The pace at which we have been able to resolve this process with British Airways has been particularly encouraging and demonstrates how seriously the legal system is taking mass data incidents.
“This is a very positive sign as we look ahead to what will be an even bigger case against easyJet relating to their 2020 data breach, as well as other similar international actions.”