In September 2018, the UK’s flag carrier revealed that the personal details of 420,000 customers – including names, debit and credit card numbers, addresses and email addresses – had been stolen.
Now law firm PGMBM have announced that a record number of customers have signed up for the action – the largest opt-in group action for a data breach in UK history.
Lawyers estimate that each claimant could be in line for £2,000 in compensation, putting BA’s overall potential liability at around £800m.
PGMBM partner Tom Goodhead said: “British Airways passengers feel let down by what transpired. They are well within their rights to be compensated for what was previously a trusted airline playing fast and loose with their personal information, leaving it vulnerable for nefarious hackers to take advantage of.
“We trust companies like British Airways with our personal information and they have a duty to all of their customers and the public at large to take every possible step to keep it safe. In this instance, they presided over a monumental failure.”
BA has also been on the receiving end of a record fine from the Information Commissioner’s Office (ICO) for the breach.
Having initially fined the carrier £183m, the ICO reduced the charge to £20m in October due to the impact of coronavirus on the carrier’s finances.
The fine is independent of the class action, which affected customers can continue to sign up for until 19 March.
PGMBM are the court appointed lead solicitors for the case.
A similar case against Easyjet has already attracted more than 10,000 claimants.
British Airways said: “We continue to vigorously defend the litigation in respect of the claims brought arising out of the 2018 cyber attack.
“We do not recognise the damages figures put forward, and they have not appeared in the claims.”
Kate Bevan, computing editor at consumer site Which?, said: “This was a really nasty data breach that left hundreds of thousands of British Airways customers exposed to possible financial and emotional harm.
“Which? is calling for consumers to have an easier route to redress when they suffer from data breaches. The government must allow for an opt-out collective redress regime.”