BA Back Down on Data Breach Claim Window
British Airways has been forced into a humbling U-turn after a cynical bid to limit the compensation claim time for victims of its data breaches.
In an unprecedented move, the airline surreptitiously applied to launch its own class action and tried to dictate a restrictive claim window. Pressure from Your Lawyers, a consumer rights law firm, in exposing the airline’s tactics likely meant that BA’s efforts to limit the window for sign-ups failed.
The deadline for over 430,000 victims to claim has now trebled in length from just 17 weeks to 15 months – with a cut-off date of 17 January 2021. The decision was made at the High Court of Justice as it approved the group litigation order initially called by British Airways but ensured the claimant window was reasonable for the large number of victims.
The beleaguered airline faces a possible pay out of £3billion, based on estimated average compensation settlements of £6,000 for each of the approximate 500,000 claimants across the two data breaches in 2018.
At the time of the hearing, it was understood that only around 7,500 potential victims had contacted lawyers for compensation claims – little over one per cent of the number that could be entitled to claim. However, since news of the GLO formation last week, Your Lawyers has seen an influx of new claimants and currently represents 372 victims.
In September and October 2018, British Airways claimed to have notified over 500,000 customers that they may have been affected by data breaches. It is understood that some 185,000 reward booking customers between April and July last year had their personal information and financial details compromised, and around 380,000 more customers were apparently notified that their data may have been breached between August and September from the airline’s app and website.
Information exposed included their name, billing address, email address and card payment information. This included card numbers, expiry dates and – in tens of thousands of cases – CVV security codes.
Victims of the breach could each receive as much as £16,000 or more in cases where psychological injury is extreme. Financial losses from the hack can also be claimed, in addition to compensation for the distress caused to affected customers. The Information Commissioner’s Office has also issued a notice of intention to fine the airline a record £183m over the breach. The penalty is set to be the first imposed after the EU’s General Data Protection Regulation law was introduced.
Aman Johal, Director at Your Lawyers, said: “When Your Lawyers first flagged British Airways’ underhand tactics – trying to deny victims compensation from the data breaches – the airline claimed its proposed window did ‘not prevent customers joining the group claim’.
“After being held up to media scrutiny, we warned that hundreds of thousands of potential claimants could miss out on compensation, the airline has shown that it is prepared to climb down from its original stance. It claims this was a “negotiation” rather than a cynical push for a low-ball recruitment period.
“British Airways’ U-turn is a vindication of our efforts to champion consumer rights. However, there’s still a great amount of work to do – the airline does not have to contact its victims to let them know about what they stand to gain.
“I encourage everyone affected to join the class action and ensure they hold BA accountable for any losses.”
A hearing at the High Court of England and Wales Queen’s Bench Division on Friday 4th October established the final cut-off date of 17 January 2021, and by order of the High Court, Your Lawyers has been appointed to the Steering Committee which is responsible for the conduct of the BA Group Action.