British Airways is facing a lawsuit that could see the airline paying out hundreds of millions of pounds in compensation following news of last week’s data breach.
The breach is thought to have taken place between 21 August and 5 September when cyber criminals accessed the payment and personal details of over 380,000 of the airline’s customers.
After the incident, the legal firm SPG Law announced that it was planning to seek compensation for the passengers over the “inconvenience, distress and misuse” of their personal data, The Sunday Times reports.
The law firm claims that BA should pay for “non-material damage” as required under the Data Protection Act 2018, the newspaper says. Each passenger could be entitled to up to £1,250 in compensation. The data breach could cost the airline up to £475m.
SPG Law has invited takes BA to settle the issue out of court.
Meanwhile The Daily Telegraph says the airline could also be stung with a fine of £897m if it’s found to have breached General Data Protection Regulation (GDPR) laws, which came into effect in May.
On 6 September, British Airways announced that the personal and payment details of tens of thousands of customers had been stolen during a data breach.
The airline said the hack had compromised 382,000 transactions carried out on its website and app between 21 August and 5 September, and that the police and “relevant authorities” had been notified.
The “breach has been resolved” and online services are now “working normally,” the firm said in a statement, adding that the stolen data did not include travel or passport details.
The airline also issued an apology. BA’s chief executive, Alex Cruz, said: “We are deeply sorry for the disruption that this criminal activity has caused. We take the protection of our customers’ data very seriously.”
In an interview with the BBC, Cruz said the hack was discovered by one of the airline’s partners. “The moment [we found out] that actual customer data had been compromised, that’s when we began immediate communication to our customers,” he said.
How to check if your data was stolen
British Airways says it will be contacting customers who made bookings between 10:58pm on 21 August and 9:45pm on 5 September, and will advise them to contact their bank and “follow their recommended advice”.
Alex Neill, of consumer watchdog Which?, suggests that customers concerned about their personal details should take extra steps to protect themselves.
“Anyone concerned they could be at risk of fraud should consider changing their online passwords, monitor bank and other online accounts and be wary of emails regarding the breach as scammers may try and take advantage of it.”
Will customers get a refund?
Yes, BA has assured costomers that they will be “fully reimbursed”.
How have costumers reacted?
BA customers have expressed their frustrations on social media, with many claiming that they had been instructed to cancel their cards by their banks.
One customer complained about BA advising customers to go to their bank for advice, rather than the airline issuing its own instructions to help travellers stay protected.