We've been featured in:

British Airways Data Breach Compensation | Zellis Cyber Attack Advice

By Cat Way. Last Updated 6th March 2024. Welcome to our BA data breach claim/British Airways data protection guide. In this guide, we cover how you can claim British Airways data breach compensation. Over recent years, data protection rules have been tightened up thanks to the UK General Data Protection Regulation (UK GDPR). It was passed into British law through the Data Protection Act 2018. If these laws are breached and cause harm to anybody whose data is leaked, it is sometimes possible for compensation to be claimed. In this guide, we’re going to look at why you could be entitled to make a British Airways data breach compensation claim.

The purpose of the UK GDPR is to give individuals more control over the personal information that companies hold about them, what purposes they can use it for, and if they’re allowed to share it with other companies.

British Airways data breach claims guide

In addition, the UK GDPR puts an onus on companies to implement security processes and procedures to ensure data is kept secure. In most cases, your personal information is safe and used in the ways you’ve allowed, but mistakes can happen. That’s why we’re going to look at what could lead to a personal data breach, how they could cause you to suffer and when you might be allowed to ask for compensation.

Legal Expert provides support for anybody who is considering a British Airways data breach claim. Our team of friendly advisers can assess any claim on a no-obligation basis. They’ll also provide free advice on what steps you need to take and, if the claim appears viable, could refer you to one of our specialist solicitors. If your claim is accepted, your solicitor will conduct the whole case on a No Win No Fee basis.

If you’re in a position to speak to us today about starting a claim, please call one of our advisors on 0800 073 8804. Alternatively, to find out more about claiming for a British Airways data breach, please continue reading.

Select A Section

What Is A Customer Data Breach Claim Against British Airways?

Although we often think of computer problems when we discuss data breaches, that’s not the only way they can occur. The UK GDPR says that data breaches can involve personal information that has either been disclosed, accessed, altered, lost or destroyed by methods that have not been approved. They might be deliberate or unlawful acts, or they could be completely accidental. The leak could involve digital data or physical documentation.

To make it easier to understand why a British Airways data breach claim might be possible, we’re going to look at some roles defined within the UK GDPR:

  • The data subject is the person whose personal information is required for processing i.e. a British Airways customer.
  • A data controller is an organisation responsible for defining why personal data needs to be collected and how it will be processed.
  • The data processor is the company, or an individual, responsible for processing information on behalf of the data processor.

While the UK GDPR means IT systems should be secured by firewalls and antivirus systems, the new rules also apply to any documentation that is physically stored. For instance, filing cabinets containing documents with personal information should be locked. Also, documentation that has personally identifiable information should be disposed of securely (shredded for instance) rather than thrown into bins or skips where they could enter the public domain.

If an organisation is made aware that a data breach has happened, and there’s the potential it could put somebody at risk, then they must inform the ICO and anybody who’s been affected. They need to explain when the breach happened, how the data was accessed and what information was leaked.

To check if you could claim for a British Airways data breach, please explain your concerns to one of our specialists today.

Are British Airways Staff Affected By The Zellis Cyber Attack?

Recently, the personal data of some British Airways staff was exposed in a cyberattack. Hackers were able to gain access to the data through a previously unknown fault in MOVEit, a file transfer tool used by payroll company Zellis.

Zellis provides payroll services to many corporations in the UK, including the BBC, Boots, and British Airways. A spokesperson from British Airways stated that they had already contacted employees affected by the breach to provide “advice and support.”

If you are a member of staff at British Airways and you have received a letter or email advising that your personal data was affected by the Zellis cyber attack, you can contact our advisors to find out what steps you could take next.

Source: https://www.dailymail.co.uk/news/article-12161347/Massive-cyber-attack-thousands-firms-including-BA-Boots.html 

The British Airways UK GDPR Data Breach Fine

Now we’re going to discuss a British Airways data breach which resulted in the ICO issuing a £20 million fine. The breach happened in 2018 and involved personal data relating to nearly 430,000 staff and customers being breached. The ICO issued the fine because British Airways was processing large volumes of personal information with insufficient security measures in place which meant the company had broken data protection laws.

As a result of inadequate security, a cyberattack took place in 2018 and was not spotted by the airline for two months. During the attack, the hacker potentially accessed:

  • The names, addresses, credit card and CVV numbers or around 244,000 customers.
  • Combined card number and CVV combinations of 77,000 customers (and the card number alone for 108,000 customers).
  • Usernames and PINs for up to 612 Executive Club accounts.
  • Usernames and passwords of employee and admin accounts.

The ICO decided that there were enough things BA could’ve done to prevent the attack, including:

  • Only giving staff relevant permissions to tools and software applications to allow them to fulfil their role.
  • Using two-factor authentication tools to protect accounts.
  • Undertaking penetration tests on company systems to simulate a cyberattack.

The ICO investigation also found out that BA hadn’t spotted the problem themselves. Instead, a 3rd party spotted the data breach around 2-months after it had occurred. However, it was noted that BA acted quickly once the problem had been raised. If you’re one such victim, you could file a BA data breach claim/British Airways data protection claim for British Airways data breach compensation.

For further reading – ICO report regarding British Airways being fined £20m for a data breach, affecting over 400,000 customers.

How An Airline May Be In Breach Of Data Protection Laws

As well as cybersecurity issues, here are some other examples of how a company could cause a data breach. Importantly, you’ll see that a lot of these are related to human error while handling physical documentation:

  • When an email or letter containing personally identifiable information is sent to the wrong customer.
  • If a member of staff accesses records containing your personal information without a business reason to do so.
  • Where a company passes information about you to another organisation without your say so.
  • If documentation containing information is disposed of insecurely.

Should you believe you’ve suffered as a result of a British Airways data breach, and you’d like Legal Expert to review your case, please call a member of our team today. Provided you have clear evidence of the breach and the harm caused, we could support your case.

How The ICO Carry Out Investigations

When you believe a British Airways data breach has caused you harm, if you decide you want to take further action, you’ll need evidence to show what happened. The first way you could go about getting that evidence is to raise a formal complaint with the company.

Once you’ve submitted a complaint, the company needs to take steps to investigate and then report their findings to you. If you don’t agree with the outcome of their investigation, their letter should explain where you can escalate the complaint to. If you follow the process through, but you’re still not happy with the response, you could request an ICO investigation.

The ICO suggests you contact them after it’s been 3-months since your last communication with the company. You should be aware that if you take too long to get in touch with the ICO, they could reject your claim. Something else we should point out is that an ICO investigation will not mean you receive compensation.

The only way that will happen is if you raise a case against the company directly which is where one of our solicitors could help. After they’ve assessed your claim, if they agree to take it on, they will try to agree on an amicable settlement directly with the company. If that looks like it won’t work, they might advise you to lodge your concerns with the ICO to try and find out more about what has happened.

To see whether one of our solicitors could be assigned to your case, why not give the team at Legal Expert a call today? They could handle your BA data breach claim/British Airways data protection claim for BA data breach compensation.

British Airways Data Breach – What Compensation Could I Receive?

This section will highlight what types of damages can make up a BA data breach compensation amount should you be eligible to claim. You would only be able to claim if you can show that the data breach was caused by a third party compromising your personal data. Furthermore, the breach would need to lead to you suffering financial damage or psychological harm.

The two types of damages you could claim to compensate you for the different ways the personal data breach impacted you, include:

  • Material damages – This relates to any financial losses caused by the data breach.
  • Non-material damages – This compensation figure is regarding any psychological injuries you’ve suffered due to the breach. Psychological injuries can include PTSD, anxiety and depression.

You would need evidence to potentially receive a payout from a BA data breach, should one occur. For material damages, you would need evidence such as bank statements to show the financial losses caused by the breach. These losses could be caused by your bank details being stolen, for instance.

For non-material damages, evidence you could use includes:

  • Doctor’s reports
  • Therapist’s notes
  • Proof of treatment, such as prescriptions

To learn more about making a valid data breach claim, please contact us for free using the details above.

BA Data Breach And Compensation Amounts For 2023

You may be wondering what you could receive in data breach compensation should a British Airways data breach occur. As we mentioned earlier, in most data breach claims you can claim material damages, non-material damages, or both. Since the ruling of the Court of Appeals for Vidal-Hall and others v Google Inc [2015], it is now possible to receive compensation for psychological impacts without having suffered financially.

Edit
Injury Compensation Bracket Notes
Severe Psychiatric Damage £54,830 to £115,730 Severe effects on the ability to cope with day to day life.
Moderately Severe Psychiatric Damage £19,070 to £54,830 Similar issues as above, but with a better response to professional treatment.
Moderate Psychiatric Damage £5,860 to £19,070 Cases with good response to treatment and a good prognosis.
Less Severe Psychiatric Damage £1,540 to £5,860 Consideration given to level of disability and length of symptoms.
Severe PTSD £59,860 to £100,670 Little or no function at the pre-trauma level.
Moderately Severe PTSD £23,150 to £59,860 Similar issues coping with daily life, but with a response to treatment.
Moderate PTSD £8,180 to £23,150 No grossly disabling effects remain after recovery.
Less Severe PTSD £3,950 to £8,180 Full recovery within 1-2 years.

Are you wondering what compensation for a BA data breach could be awarded? If so, you can see bracket compensation amounts taken from the 2022 edition of the Judicial College Guidelines (JCG) in the table above. These should only be used as a guide.

For more information on the steps you could take should a British Airways data breach claim occur, call our team.

No Win No Fee Data Breach Claim Against British Airways

One of the main reasons people don’t claim personal injury compensation is because they worry about the cost of using a specialist solicitor. To remove that worry and to reduce your financial risks, our team of solicitors offer a No Win No Fee service for any claims they handle.

When you connect with us, your solicitor will verify there’s a reasonable chance of winning the case before providing you with a Conditional Fee Agreement (CFA) to sign. The CFA will outline what work the solicitor will carry out for you and it will also show you that:

  • You aren’t expected to pay any fees upfront.
  • There are no solicitor’s fees or hidden charges payable while the case continues.
  • If your case fails, the solicitor won’t expect you to cover any of their fees.

When a claim is won and compensation received, your solicitor will keep a small percentage to cover their costs. This is called a success fee which is capped by law and listed in the CFA so there are no surprises when your case is finalised.

Start Your Data Breach Claim

To start a claim with Legal Expert today, you can:

Where To Find Additional Resources

This is the last part of our guide about making a British Airways data breach compensation claim. To provide additional support we’ve linked to some extra guides and resources for you below:

  • Local Authority Data Breaches – Advice on starting a claim against the local council following a data breach.
  • BA Flight Injury Claims – Details on when you could claim for injuries sustained on a British Airways flight.
  • Cruise Ship Injury Claims – Information on how to claim for injuries or illnesses sustained on a cruise.
  • Obtain Your Data – Details on how to request copies of your data from companies.
  • Mood Self-Assessment – Information from the NHS on how to assess your mood and understand how you’re feeling.
  • ICO Action – An up to date register of action taken by the ICO for recent data breaches.

Thank you for reading our BA data breach claim/British Airways data protection guide. We hope you now know more about how to claim BA data breach compensation.

BA Data Breach Claim FAQs

When was the British Airways data breach?

This took place over the course of August and September 2018.

What happened within this data breach?

More than 420,000 customers would see hackers steal their personal information.

How much would BA be fined by the ICO?

The ICO’s fine for British Airways would eventually total £20 million.

Could I claim compensation after the BA data breach?

If you can prove that you’re a victim of the situation, then you could make a compensation claim.

How would I know if my data was stolen within the BA breach?

You would be wise to contact BA themselves to see if you’re amongst the victims.

How long do I have to make a claim?

You have several years after the data breach, with the time limit varying depending on the situation.

When could I receive my compensation?

This comes once a settlement is agreeable between your legal representation and BA.

And who could manage my British Airways data breach claim?

Legal Expert can do this; please get in touch to see how we can help you.