Security News > 2021 > July > British Airways data breach lawsuit settled: Airline coughs up around £30m to make sueball bounce away
British Airways has settled the not-quite-a-class-action* lawsuit against it, potentially paying millions of pounds to make the data breach case in the High Court of England and Wales go away.
"The resolution includes provision for compensation for qualifying claimants who were part of the litigation. The resolution does not include any admission of liability by British Airways Plc," said PGMBM. The lawsuit was based on the 2018 BA data breach, where the credit card details of 380,000 people were stolen thanks to a Magecart infection on its payment processing pages.
The airline had been saving card details in plain text since 2015 and hadn't implemented MFA across the board, as we reported when regulators fined BA for its pisspoor data security practices - including saving a Windows domain admin username and password in plain text.
Law firm Keller Lenkner said on its webpage advertising for British Airways claimants: "In our experience, and looking at similar cases, compensation of around £2,000 per claimant seems likely."
Sky News reported this morning that 16,000 people had applied to be part of the group litigation order, meaning the airline may have paid around £32m - though potentially less - to prevent the case going to trial.
Harris Pogust, chairman of PGMBM, said in the law firm's statement: "The pace at which we have been able to resolve this process with British Airways has been particularly encouraging and demonstrates how seriously the legal system is taking mass data incidents. This is a very positive sign as we look ahead to what will be an even bigger case against EasyJet relating to their 2020 data breach, as well as other similar international actions."
- MyRepublic discloses data breach exposing government ID cards (source)
- MyRepublic Data Breach Raises Data-Protection Questions (source)
- A multi-party data breach creates 26x the financial damage of single-party breach (source)
- Trucking giant Forward Air reports ransomware data breach (source)
- Twitch: No credentials or card numbers exposed in data breach (source)
- Accenture confirms data breach after August ransomware attack (source)