British Airways Airbus A320-232
Photograph ©2017 by Brian Cohen.

British Airways Data Breach Settlement Reached — But on Confidential Terms

An official announcement from British Airways — which was released on Friday, September 7, 2018 — acknowledged and confirmed that a theft of the personal data of greater than 380,000 customers had occurred on both the official Internet web site and the mobile software application program of the airline between Tuesday, August 21, 2018 at 22:58 British Standard Time and Wednesday, September 5, 2018 at 21:45 British Standard Time…

British Airways Data Breach Settlement Reached — But on Confidential Terms

…and the law firm which has represented its clients with a class action lawsuit from the beginning — Pogust, Goodhead, Mousinho, Bianchini and Martins, which was once known as SPG Law and is now known as PGMBMannounced that litigation with British Airways has been resolved on confidential terms.

“In July 2019, the Information Commissioner’s Office (ICO) issued a notice of its intention to fine British Airways £183 million for infringements of the General Data Protection Regulation (GDPR)”, according to this official press release from the aforementioned law firm. “However, in October, the ICO revised the fine down to £20 million having considered representations from BA and the impact of Covid-19 on the business.”

Although no details pertaining to passport or travel information was affected, the data which was compromised included full names; credit card or debit card information, which included expiration dates and card verification value numbers; billing addresses; and e-mail addresses.

The initial recommendation from British Airways almost three years ago was that if you were confirmed that your personal data may have been stolen, you should contact your bank or credit card provider and follow their advice. “We understand that this incident will cause concern and inconvenience”, according to an official statement from British Airways. “We are contacting all affected customers to say sorry, and we will continue to update them in the coming days.”

Additionally, British Airways has offered to reimburse customers who suffer “direct financial losses” and to offer “credit rate monitoring” — but “this is not good enough”, according to the law firm, which had established a special Internet web site that is dedicated to this issue and that qualified members of the class action lawsuit might have been able to claim up to £1,500.00 as a result. “The breach has led to all customers being required to monitor financial transactions on their debit/credit cards and potentially cancel/request reissuance of their payment cards.”

The law firm had alleged that that was not the first time that the information technology systems of British Airways have failed. “BA have treated their customers poorly over the past few years and it is time to stand up to them and take action.”

The terms of the settlement include that:

  • Although British Airways will be required to pay, the settlement includes no admission of liability
  • The law firm will notify each claimant individually about the compensation to which they are entitled
  • Even though a cash payment will be involved, the amount of damages and terms of the settlement are required to remain confidential and not be revealed publicly


I hope that the people who were affected by the data breach were fairly compensated — but that rarely happens with class action lawsuits. The law firm is usually the entity which benefits the most from a class action lawsuit.

Unfortunately, data breaches have become the norm rather than the exception in the world of frequent travel loyalty programs, as demonstrated by the incidents involving Delta Air Lines, Hyatt Corporation, Hilton, Kimpton Hotels and Restaurants, Facebook, Equifax, and other various companies in recent years. Protecting your sensitive information has become almost impossible to do…

…and yet, few measures are in place to rectify the potentially disastrous results which could possibly occur from these data breaches — as though few corporations and government entities are unconcerned about confronting the seriousness of such breaches and attacks.

I am uncertain at this time as to what is the answer — but this trend simply cannot continue unchecked, in my opinion…

…and innocent victims of such breaches and attacks should not be subject to the significant effort and cost just to maintain the integrity of their personal information. which could result in identity theft and other nightmarish experiences. Stricter and more secure measures — which are transparent to individual consumers — should be employed as soon as possible to either mitigate or eliminate similar incidents in the future.

We live in a world which is highly dependent upon electronic transactions. As a customer, you deserve to be reassured by the companies which you patronize that your personal and financial data is indeed protected — and more than adequately at that.

These past articles written by me seem to illustrate how serious is this problem of protecting sensitive data from being breached — and it seems that no company is immune:

Photograph ©2017 by Brian Cohen.

Subscribe To Our Newsletter

Join our mailing list to receive the latest news and updates from our team.

You have Successfully Subscribed!