UK airline British Airways has resolved on confidential terms litigation brought by customers and staff affected by a leakage of personal information in 2018.

The breach included names, debit and credit card numbers, addresses and email addresses of more than 420,000 customers and staff.

At first the Information Commissioner’s Office (ICO) announced it intended to fine the company £183m ($253m, €214m) for infringements of the General Data Protection Regulation (GDPR). The final amount was revised down to £20m last October because of Covid-19’s impact on British Airways’ business. 

Settlement of the litigation, which began April last year, follows mediation between court-appointed lead solicitors PGMBM and the airline. 

Resolution includes compensation for qualifying claimants. It does not include any admission of liability by British Airways. 

The ICO’s decision provided no redress to those affected. The settlement addresses that matter, said PGMBM’s chairman Harris Pogust 

“The pace at which we have been able to resolve this process with British Airways has been particularly encouraging and demonstrates how seriously the legal system is taking mass data incidents,” he was quoted as saying by Bloomberg’s news service.


Missed PrivSec Global’s livestream experience? No problem, simply click here to access the sessions on demand.