British Airways has settled a data breach involving hundreds of thousands of customers. The British airline has to pay an undisclosed amount in damages. She says she is happy that agreements have been made and the lawsuit comes to an end.
‘Legal system takes massive data incidents seriously’
To start this case, we have to go back to 2018. That year, a major data breach occurred at British Airways. As a result of the leak, the personal and other data of more than 420,000 customers and employees ended up on the street. This included bank account numbers, credit card details, telephone numbers, email addresses, residential addresses, booking information and login details.
After years of legal battle, International Airlines Group (IAE), the parent company of British Airways, and law firm PGMBM have reached an agreement. IAE pays an undisclosed amount in compensation to the hundreds of thousands of victims. There is no acknowledgement of liability by the airline anywhere in the agreement.
“The pace at which we have been able to resolve this process with British Airways is very encouraging. It shows how seriously the legal system takes massive data incidents,” Harris Pogust, the president of law firm PGMBM, said in a statement to Bloomberg. British Airways, for its part, says it “apologies to customers who may have been affected by this matter”. The company says it is happy that it was able to settle the matter with a settlement.
Regulator imposes a £20 million fine
The amount of damages in the settlement is unknown. It is not the first time that British Airways has had to cough up money for the data breach. Last October, the Information Commissioner’s Office (ICO) imposed a fine of £20 million. The British regulator believed that the data breach could have been prevented if the airline had taken sufficient security measures against cyber attacks. British Airways had not investigated vulnerabilities in the system. For example, the attack on the company went undetected for two months.
“When organizations make bad decisions about people’s personal data, it can have a real impact on their lives,” Elizabeth Denham, president of ICO, said at the time. “The law now gives us the tools to encourage companies to make better decisions about data, including investing in up-to-date security. Their failure to act was unacceptable and affected hundreds of thousands of people, causing concern and fear. That is why we have fined British Airways £20 million.”
Initially, ICO wanted to impose a £183 million fine on British Airways. Due to the corona pandemic and the fact that the aviation sector is already having such a hard time, the regulator decided to reduce the amount. Despite this, it is the size of the fine that the British privacy watchdog has imposed to date.
EasyJet also target of hackers
British Airways is not the only UK airline to be the victim of hackers. In May 2020, hackers managed to loot the email addresses and travel data of 9 million EasyJet travellers. Credit card information from 2,208 customers was also stolen in the cyber attack. Passport details of customers remained safe. The damage was limited due to the quick intervention of EasyJet IT staff. The government and ICO were notified of the attack.
Despite EasyJet’s swift action, the airline warned customers about identity theft and phishing. “We encourage customers to remain alert as they normally would, especially if they receive unsolicited communications. We also advise customers to be careful with communications that claim to be from EasyJet or EasyJet Holidays,” the company said in an email to affected customers.
Catch up on more articles here
Follow us on Twitter here