British Airways Plc settled a U.K. class-action lawsuit involving hundreds of thousands of customers caught up in a 2018 data breach.
The settlement, for an undisclosed sum, followed the leak of the personal data of 420,000 customers and staff, including bank details, contact information and addresses. The deal between IAG-owned British Airways and law firm PGMBM doesn’t include any admission of liability by the airline.
“The pace at which we have been able to resolve this process with British Airways has been particularly encouraging and demonstrates how seriously the legal system is taking mass data incidents,” said Harris Pogust, chairman of PGMBM, said in an emailed statement.
British Airways has been rocked by the impact of the coronavirus pandemic on its industry. In October, the U.K. Information Commissioner’s Office reduced the airline’s fine for the breach from 183 million pounds ($254 million) to 20 million pounds in the wake of the pandemic’s financial impact.
The case was filed under the European Union’s General Data Protection Regulation, which ramped up potential fines for firms failing to protect consumers’ control of their personal data. British Airways’ rival, EasyJet Plc, also faces a lawsuit led by PGMBM after exposing private details of nine million passengers.
British Airways said in an emailed statement that it “apologized to customers who may have been affected by this issue and are pleased we’ve been able to settle the group action.”
When “the issue arose we acted promptly to protect and inform our customers,” the carrier said.
