HNK Solicitors are pleased to announce a resolution to litigation pursued against British Airways following a 2018 data breach.
Though the terms of the resolution are confidential, it nonetheless represents a major success for those affected.
Last year, the Information Commissioner’s Office (ICO) concluded that the breach represented a significant failure on BA’s part when it came to protecting its customers’ personal information.
The ICO ultimately issued BA a £20m fine following an extensive investigation into the incident – the largest fine it has issued to date. However, none of this money will be made available to victims of the breach.
The positive resolution of the group litigation finally offers those affected some redress for the impact of the breach, including the emotional distress that often follows from having sensitive personal information exposed to cybercriminals.
The 2018 British Airways data breach
British Airways initially revealed it had suffered a data breach in September 2018. The breach was the result of what Alex Cruz, then CEO of BA, described as a “sophisticated, malicious criminal attack”. The attack targeted the payment system the airline used for its website and mobile app.
The attack began in late June 2018 and continued for more than two months before being noticed. Though the specifics of how the cybercriminals were able to gain access to BA’s IT system are complex, the outcome was stark. The criminals were able to redirect the payment card data of BA’s customers to a website that they owned.
As a result, for a period of fifteen days from 21st August to 5th September, the criminals were able to access the payment details customers used for booking flights through BA’s website and app. The attack was finally noticed by a third party, a security researcher who informed BA of the ongoing breach.
As a result of this highly sophisticated attack, cybercriminals were able to access the payment card details of 429,000 BA customers. Of these customers, 244,000 had their names, addresses, card numbers and CVVs exposed. This is more than enough information to potentially cause significant financial losses and even lead to identity theft.
Settlement of the group litigation
In recognition of the significant distress the breach caused to the victims, HNK Solicitors joined with a number of other firms to pursue a large-scale group litigation case against BA.
In July 2021, BA agreed to settle the case. Though BA did not accept liability for the breach, the settlement did include provisions to compensate those affected.
The specific terms of the settlement remain confidential, but this nonetheless represents a major step forward for those affected, helping them to move on from this troubling incident.
The 2020 EasyJet data breach
Unfortunately, the British Airways data breach would not be the last to affect UK airlines. The 2020 EasyJet data breach shows the ongoing threat that cybercriminals pose to the airline industry. It also highlights the steps that remain to be taken to ensure the safety of customer data.
The EasyJet data breach exposed the names, email addresses, and travel details of an astonishing nine million customers. 2,208 customers also had their credit and debit card details accessed, including the CVV required to make online payments.
The breach was announced by the airline in May 2020 and was described as a “highly sophisticated cyber-attack”. However, this was not the first that EasyJet knew of it. In fact, they became aware of the attack in January 2020, and it had commenced in October of the previous year.
The exposure of such personal data poses a significant risk to EasyJet’s customers. Though the financial dangers of having your credit and debit card details stolen are obvious, even information such as your name and email address can place you at risk from elaborate “phishing” attacks. The four-month delay in informing customers may have further increased this risk.
HNK can support your data breach claims
As with the BA case, those affected by the EasyJet breach have the right to pursue compensation. And indeed, the positive outcome of the BA case is an encouraging sign for those affected. It clearly shows how companies can be held responsible for the impact of such breaches.
HNK Solicitors has an extensive history of helping data breach victims secure compensation, including with the recent BA settlement. As a result, we are well-placed to help you if the EasyJet data breach has impacted you – whether this be financially or due to the emotional impact and inconvenience of having your personal information stolen.
If you have been affected by the EasyJet data breach, contact HNK Solicitors today for a free no-obligation consultation. Our experts will be able to offer advice on whether you can pursue a claim against EasyJet. If we believe you have a case, we can pursue this for you on a no-win, no-fee agreement. Our expert data breach solicitors will work hard to ensure you are awarded the compensation you deserve.