[BreachExchange] Half a million British Airways customers are told they can sue the airline over a huge data breach which saw their bank details and addresses stolen by hackers

Destry Winant destry at riskbasedsecurity.com
Wed Oct 9 09:51:02 EDT 2019


https://www.dailymail.co.uk/news/article-7539707/Half-million-British-Airways-customers-told-sue-airline-data-breach.html

Half a million British Airways customers have been given the go ahead
to bring compensation claims against the airline at the High Court
over a data breach.

The airline reported that it had suffered a cyber attack on its
systems in September 2018.

The Information Commissioner's Office (ICO) were forced to investigate
and found that 500,000 customers had been affected.

Personal details, including payment data and addresses, were
compromised by the hack, according to the ICO's findings.

Part of the scam involved passengers being diverted to a fake website
through which their details were harvested by the attackers.

The airline began to contact affected customers last year, but today Mr
Justice Warby granted a group litigation order at a hearing in
London, paving the way for a mass legal action against BA.

There are already more than 5,000 affected customers being represented
by SPG Law and a further 230 represented by Your Lawyers Limited, who
are bringing claims for compensation.

But the potential number of claimants is much larger and the judge
granted a window of 15 months for people to come forward and join the
group litigation.

Aman Johal, director of Your Lawyers, said: 'Today's grant of a group
litigation order is a key step towards justice for the hundreds of
thousands of victims of the British Airways data breach scandal.'

The ICO announced its intention earlier this year to impose a record
fine of more than £183million on the airline over the breach.

A spokesman for the watchdog said at that time that the proposed fine
would be the largest it had handed out and the first to be made public
since new rules came into force.

The General Data Protection Regulation (GDPR) was introduced in May
last year and means firms can be fined up to four per cent of their
annual turnover for data breaches.

The proposed fine against British Airways represents one-and-a-half
per cent of its annual turnover.

The ICO's investigation found that a variety of information was
compromised by 'poor security arrangements', including login, payment
card and travel booking details as well as customers' names and
addresses.

In a statement after the fine was announced, Information Commissioner
Elizabeth Denham said: 'People's personal data is just that -
personal.

'When an organisation fails to protect it from loss, damage or theft
it is more than an inconvenience.

'That's why the law is clear - when you are entrusted with personal
data you must look after it.

'Those that don't will face scrutiny from my office to check they have
taken appropriate steps to protect fundamental privacy rights.'

Alex Cruz, British Airways' chairman and chief executive, said at the
time that the airline was 'surprised and disappointed' in the ICO's
initial finding.

He added: 'British Airways responded quickly to a criminal act to
steal customers' data.

'We have found no evidence of fraud or fraudulent activity on accounts
linked to the theft.

'We apologise to our customers for any inconvenience this event caused.'

