British Airways GDPR fine and group action were avoidable

sign-up for a Virgin Media data breach

The mammoth British Airways GDPR fine and the group action for compensation we’re on the Steering Committee for were totally avoidable, meaning the airline could have saved themselves a fortune.

Research from HackerOne indicated that a simple Bug Bounty that could have cost less than £10,000.00 may have identified the vulnerabilities that led to the successful 2018 cyber-attack incidents. In fact, such a bounty could also have stopped the Carphone Warehouse, Ticketmaster and TalkTalk hacks as well, it’s understood.

The fact that this was avoidable can help the prospects of succeeding with the BA Group Action, although it’s important to know the difference between the fines and the compensation for victims.

Avoidable = prospects to succeed

Generally speaking, the fact that the British Airways GDPR fine and the compensation action could have been so easily avoidable can improve the prospects for succeeding with the litigation.

There can be legitimate defences to claims that arise from cyber-attacks. One such defence could be that all reasonable steps had been taken to prevent an incident taking place. However, in the BA case, the fact that a simple bug bounty could have reportedly identified the vulnerabilities shows that enough cannot have been done. And this is something we already know given that the Information Commissioner’s Office (ICO) has levied their initial fine in the sum of £183m. We imagine that they wouldn’t issue such a fine if there was a legitimate defence to a case.

All the evidence points toward the fact that this data breach was clearly preventable. Had it have been prevented, the more than 400,000 customers whose data has been exposed would not have had to go through the distress and suffering they have endured.

The British Airways GDPR fine of £183m could have been avoided for as little as £10,000.00, as could the costs of the compensation action that cold total an estimated £3bn.

Separation between British Airways GDPR fine and compensation action

It’s important to understand the separation between the British Airways GDPR fine and the group action for compensation that we’re pursuing.

The money from the provisional £183m fine isn’t intended to be used as compensation for victims. This financial penalty is designed to be a deterrent to enforce compliance of important data protection laws. For the victims, their justice can come from making a claim for data breach compensation, and that’s exactly what we’re doing as part of the BA Group Action.

If you were affected by the cyber-attacks from 2018, you can be entitled to claim damages for any distress caused, and for any financial losses suffered as well. The recent court ruling actually means that you don’t need to have suffered distress anyway, and you may be able to claim for simply being the victim of a breach.

What to do

Joining the BA Group Action is easy.

All you need to do is go to our website here, check your eligibility, and then sign-up for a case if you are entitled to do so. We’re offering No Win, No Fee representation given that we’re confident that we can succeed with the action.

We’ll keep fighting for the rights of everyone who wants to claim with us, and we’ll keep you updated with the process of the action on the whole.

IMPORTANT: advice on this page is intended to be up-to-date for the 'first published date'.

Request a Callback from our team!

Fill out our quick call back form below and we’ll contact you when you’re ready to talk to us.
All fields marked * are required.

Your privacy is extremely important to us. Information on how we handle your data is in our Privacy Policy.
You have the right to object to the processing of your personal data.