Airline spends around £ 30million to bounce sueball • The Register
British Airways has settled the not quite class action * lawsuit against it, paying around £ 32million to clear the data breach case in the High Court of England and Wales .
PGMBM, one of the law firms that brought the group’s dispute against BA to the High Court, said in a statement that the case was settled on “confidential” terms.
“The resolution includes a provision for compensation of eligible claimants who were part of the litigation. The resolution does not include any admission of liability by British Airways Plc,” PGMBM said.
The lawsuit was based on the BA 2018 data breach, where the credit card details of 380,000 people were stolen thanks to a Magecart infection on its payment processing pages.
The airline had been recording card details in plain text since 2015 and had not implemented MFA in all areas, as we reported when regulators fined BA for its pisspoor data security practices This includes registering a Windows domain administrator username and password in plain text.
A BA spokesperson said: “We apologized to customers who may have been affected by this issue and were glad we were able to sort out the class action. When the issue arose, we took action. quickly to protect and inform our customers. “
A spokesperson for PGMBM confirmed The register that today’s settlement – which does not include any admission of wrongdoing – still counts as a victory, so its no-win, no-cost promise to people who signed up to receive cash payments remains true. With legal fees capped at 35 percent of BA’s total payment, this is an exceptional salary for lawyers.
The law firm Keller Lenkner said on its Web page advertisement for claimants: “From our experience and looking at similar cases, compensation of around £ 2,000 per claimant (on average) seems likely.”
Sky News reported this morning that 16,000 people have applied to be part of the Group Litigation Order (GLO), meaning the airline may have paid around £ 32million – potentially less – for prevent the case from being judged. It was written in pencil in the High Court for trial next summer before news of today’s settlement broke. Neither party wished to comment on the amount of the settlement.
The Information Commissioner’s Office fined BA £ 20million for the breach last year, after previously threatening to impose a fine of 747. The impact of the COVID-19 pandemic on the airline’s finances was one of the main reasons for the drastic reduction in the fine.
In 2018, when first brought up, the lawsuit would be worth up to £ 500million if every eligible customer signed up.
Harris Pogust, chairman of PGMBM, said in the law firm’s statement: “The pace at which we have been able to resolve this process with British Airways has been particularly encouraging and demonstrates how seriously the legal system takes data incidents. massive. This is a very positive sign as we anticipate what will be an even bigger case against EasyJet regarding their data breach in 2020, as well as other similar international actions. “
The latter case is still pending before the courts. If the nine million people eligible to sue Easyjet for that airline’s data breach in 2020 were to register for it, it could cost the Orange carrier up to £ 18 billion. ®
All did not go in the opinion of the lawyers in the BA litigation. A few months ago, the law firms behind the GLO lost an attempt to charge BA for their advertising costs by attracting clients to the case, leaving them on the hook for £ 433,000. Small change in the world of data breach lawyers. ®
* This case, in particular, was a Group Litigation Order (GLO) – you can read more about collective disputes in English courts here.