British Airways Data Breach Compensation Claims Guide – How Much Compensation Can I Claim? – Amounts For British Airways Data Breach
By Stephen Hicks. Last Updated 7th September 2021. Welcome to our BA data breach claim/British Airways data protection guide. In this guide, we cover how you can claim British Airways data breach compensation. Over recent years, data protection rules have been tightened up thanks to the General Data Protection Regulation. It was passed into British law through the Data Protection Act 2018. If these laws are breached and cause harm to anybody whose data is leaked, it is sometimes possible for compensation to be claimed. In this guide, we’re going to look at why you could be entitled to make a British Airways data breach compensation claim.
The purpose of the GDPR is to give individuals more control over the personal information that companies hold about them, what purposes they can use it for, and if they’re allowed to share it with other companies.
In addition, the GDPR puts an onus on companies to implement security processes and procedures to ensure data is kept secure. In most cases, your personal information is safe and used in the ways you’ve allowed, but mistakes can happen. That’s why we’re going to look at what could lead to a personal data breach, how they could cause you to suffer and when you might be allowed to ask for compensation.
My Private Date Was Breached By British Airways, Could I Claim Compensation?
Legal Expert provides support for anybody who is considering a British Airways data breach claim. Our team of friendly advisers can assess any claim on a no-obligation basis. They’ll also provide free advice on what steps you need to take and, if the claim appears viable, could refer you to one of our specialist solicitors. If your claim is accepted, your solicitor will conduct the whole case on a No Win No Fee basis.
If you’re in a position to speak to us today about starting a claim, please call one of our advisors on 0800 073 8804. Alternatively, to find out more about claiming for a British Airways data breach, please continue reading.
Select A Section
- A Guide To Data Protection Breach Claims Against British Airways
- What Is A Customer Data Breach Claim Against British Airways?
- GDPR Compliance Checks For Airlines
- British Airways GDPR Data Breach Fine
- How The ICO Carry Our Investigations
- How Could Airline Customer Data Breach Victims Be Compensated?
- Use Our Calculator To Check Your Claims Possible Value
- How Make A Data Or GDPR Breach Claim Against An Airline
- How To Secure The Help Of A Data Breach Solicitor
- No Win No Fee Data Breach Claim Against British Airways
- Start Your Data Breach Claim
- Where To Find Additional Resources
A Guide To Data Protection Breach Claims Against British Airways
Personal data can be used in many ways by companies these days. For example, they might use it to send you receipts, booking forms or products you’ve ordered from them. Another common reason that your data might be used is to keep you up to date with their latest offers and promotions.
Whenever a company wants to process your personal information, though, they need to request your permission under the rules of the GDPR. Importantly, they can’t use your information for any other purpose than what you’ve agreed to. For instance, if you only allow your email address to be stored so you can log in to the company website, they can’t then use it to send you marketing emails.
As we move through the contents of this article, we’ll explain the types of data breach that might occur, what harm they could lead to and we’ll also look at potential compensation amounts. We’ll also provide details of a recent British Airways data breach which led to a large fine by the Information Commissioner’s Office (ICO).
We should explain that there is a limitation period for making data breach claims. In general circumstances, you’ll have 6-years to submit your claim although this can be reduced to 1-year if the claim is about a breach of your human rights. That said, our advice is to try and start your claim as early as you can. That’s due to the fact that it’s usually a lot easier to recall how you were affected the earlier you start. In addition, your solicitor might find it easier to secure substantiating evidence the earlier they begin working for you.
What Is A Customer Data Breach Claim Against British Airways?
Although we often think of computer problems when we discuss data breaches, that’s not the only way they can occur. The GDPR says that data breaches can involve personal information that has either been disclosed, accessed, altered, lost or destroyed by methods that have not been approved. They might be deliberate or unlawful acts, or they could be completely accidental. The leak could involve digital data or physical documentation.
While the GDPR means IT systems should be secured by firewalls and antivirus systems, the new rules also apply to any documentation that is physically stored. For instance, filing cabinets containing documents with personal information should be locked. Also, documentation that has personally identifiable information should be disposed of securely (shredded for instance) rather than thrown into bins or skips where they could enter the public domain.
If an organisation is made aware that a data breach has happened, and there’s the potential it could put somebody at risk, then they must inform the ICO and anybody who’s been affected. They need to explain when the breach happened, how the data was accessed and what information was leaked.
GDPR Compliance Checks For Airlines
To make it easier to understand why a British Airways data breach claim might be possible, we’re going to look at some roles defined within the GDPR:
- The data subject is the person whose personal information is required for processing i.e. a British Airways customer.
- A data controller is an organisation responsible for defining why personal data needs to be collected and how it will be processed.
- The data processor is the company, or an individual, responsible for processing information on behalf of the data processor.
On top of these roles, there are some important principles relating to data processing, which include:
- Data subjects should be told of the reason behind the need to process their personal information.
- Any data should only be stored for the amount of time specified at the time it was collected.
- All stored personal information should be kept up to date.
- The processing of personal data needs to be secure and confidential.
- Data needs to be processed legally, fairly and the process needs to be transparent to the data subject.
- There is a requirement to only capture the minimum amount of data required to fulfil the processing objectives.
- A data controller must be able to show that any processing they oversee is compliant in these principles.
British Airways GDPR Data Breach Fine
Now we’re going to discuss a British Airways data breach which resulted in the ICO issuing a £20 million fine. The breach happened in 2018 and involved personal data relating to nearly 430,000 staff and customers being breached. The ICO issued the fine because British Airways was processing large volumes of personal information with insufficient security measures in place which meant the company had broken data protection laws.
As a result of inadequate security, a cyberattack took place in 2018 and was not spotted by the airline for two months. During the attack, the hacker potentially accessed:
- The names, addresses, credit card and CVV numbers or around 244,000 customers.
- Combined card number and CVV combinations of 77,000 customers (and the card number alone for 108,000 customers).
- Usernames and PINs for up to 612 Executive Club accounts.
- Usernames and passwords of employee and admin accounts.
The ICO decided that there were enough things BA could’ve done to prevent the attack, including:
- Only giving staff relevant permissions to tools and software applications to allow them to fulfil their role.
- Using two-factor authentication tools to protect accounts.
- Undertaking penetration tests on company systems to simulate a cyberattack.
The ICO investigation also found out that BA hadn’t spotted the problem themselves. Instead, a 3rd party spotted the data breach around 2-months after it had occurred. However, it was noted that BA acted quickly once the problem had been raised. If you’re one such victim, you could file a BA data breach claim/British Airways data protection claim for British Airways data breach compensation.
How An Airline May Be In Breach Of Data Protection Laws
As well as cybersecurity issues, here are some other examples of how a company could cause a data breach. Importantly, you’ll see that a lot of these are related to human error while handling physical documentation:
- When an email or letter containing personally identifiable information is sent to the wrong customer.
- If a member of staff accesses records containing your personal information without a business reason to do so.
- Where a company passes information about you to another organisation without your say so.
- If documentation containing information is disposed of insecurely.
Should you believe you’ve suffered as a result of a British Airways data breach, and you’d like Legal Expert to review your case, please call a member of our team today. Provided you have clear evidence of the breach and the harm caused, we could support your case.
How can data breaches occur?
A deliberately-caused data breach could potentially affect an organisation due to cyber attacks or other malicious methods used by other parties. Examples of the types of malicious data breach methods which can affect companies and individuals include the following:
- Hacking/cyber attacks – types of attacks designed to manipulate or deny access to certain data can come in multiple forms. These include DoS (denial of service) attacks, password attacks and malware.
- Computer viruses – A malicious party may be able to manipulate someone with access to personal data to open a link or file on their computer (or another device). This link or file could contain a computer virus which gives the sender access to certain personal data.
- Ransomware – If ransomware is uploaded to a computer with personal data, then it may threaten to delete or leak the information unless a ransom is sent to the sender of the ransomware.
- Phishing – In summary, this type of attack usually involves someone impersonating a legitimate company in order to manipulate individuals into giving personal data (such as their name, address or bank details).
- Physical theft of data – Devices which contain personal data, such as a USB stick or laptop, could be physically stolen.
How The ICO Carry Our Investigations
When you believe a British Airways data breach has caused you harm, if you decide you want to take further action, you’ll need evidence to show what happened. The first way you could go about getting that evidence is to raise a formal complaint with the company.
Once you’ve submitted a complaint, the company needs to take steps to investigate and then report their findings to you. If you don’t agree with the outcome of their investigation, their letter should explain where you can escalate the complaint to. If you follow the process through, but you’re still not happy with the response, you could request an ICO investigation.
The ICO suggests you contact them after it’s been 3-months since your last communication with the company. You should be aware that if you take too long to get in touch with the ICO, they could reject your claim. Something else we should point out is that an ICO investigation will not mean you receive compensation.
The only way that will happen is if you raise a case against the company directly which is where one of our solicitors could help. After they’ve assessed your claim, if they agree to take it on, they will try to agree on an amicable settlement directly with the company. If that looks like it won’t work, they might advise you to lodge your concerns with the ICO to try and find out more about what has happened.
To see whether one of our solicitors could be assigned to your case, why not give the team at Legal Expert a call today? They could handle your BA data breach claim/British Airways data protection claim for BA data breach compensation.
How Could Airline Customer Data Breach Victims Be Compensated?
In this section, we’re going to review what forms of compensation could be awarded in a British Airways data breach claim. There are many different aspects to a claim (that all affect how much you might be paid) which means it’s important your claim is assessed thoroughly before it’s submitted.
In most cases, claims for data breaches are broken down into two parts:
- Material damages claims are used to try and compensate you for any financial losses you’ve suffered.
- Non-material damages claims are used to compensate you for any psychological injuries you’ve suffered.
The claim can be a lot more complex than that but it’s not possible to say what will be included in your claim until it’s been reviewed by your solicitor. For example, when you seek material damages for financial losses, your solicitor will check if there’s likely to be any future losses. This might happen if cybercriminals sell your personal details online and the data is circulated around the Internet.
Also, you can’t simply claim for psychological damage. Instead, your solicitor needs to obtain evidence to show if illnesses like anxiety, depression or stress have affected your ability to cope with everyday life, education or work. In addition, they’ll need to assess how your personal or professional relationships have been affected.
It’s important that all of these complex considerations are made so that your solicitor can try and secure the maximum amount of compensation for you. Also, everything needs to be considered at the same time because, once a claim has been settled, you can’t go back for more compensation later on.
If you’d like your case assessed by a specialist solicitor to try and ensure you receive the all of the compensation you might be entitled to, please let one of our advisors know what’s happened today?
Use Our Calculator To Check Your Claims Possible Value
As we’ve covered why a claim might be possible and what could be included, it’s time to look at compensation amounts. There was an important case heard in the Court of Appeal (Vidal-Hall and others v Google Inc ) which established that it’s possible to claim compensation for any psychological injuries caused by a data breach even if you haven’t lost money because of it, which is different to other compensation claims. In addition, the court ruled that any payments made should be paid at the same rate as personal injury claims.
The table that follows contains example compensation figures for some relevant injuries. The data included in the table is taken from the Judicial College Guidelines which is a document used by insurers and courts to help calculate compensation amounts.
|Injury Type||Level of Severity||Settlement Range||Detailed Comments|
|Post-Traumatic Stress Disorder||Severe||£56,180 to £94,470||This category is for PTSD which causes permanent symptoms and affects all aspects of life. There will be no chance of a return to work or pre-trauma functioning levels.
|Post-Traumatic Stress Disorder||Moderately Severe||£21,730 to £56,180||The symptoms in this category will be similar to above and cause significant disability for the foreseeable future but there will be a chance of recovery with professional help.|
|Post-Traumatic Stress Disorder||Less Severe||Up to £7,680||Covers cases where most PTSD symptoms are resolved within a year or two. Only minor symptoms will continue beyond this.|
To try and ensure you’re compensated fully for your injuries, your solicitor will need to provide evidence to substantiate your claims. Therefore, as part of the claims process, you’ll be booked in for a local medical assessment. In your appointment, you’ll be asked questions about the impact of the data breach and the specialist conducting the assessment will review any medical records that are available. Then they’ll prepare a report which explains their findings and send it to your solicitor.
How Make A Data Or GDPR Breach Claim Against An Airline
As we discussed earlier on, the only way you’ll receive compensation for a British Airways data breach is to claim directly against them. An ICO investigation might help you understand what caused the data breach, but the ICO doesn’t have the power to issue compensation. Therefore, we advise you to speak with a solicitor about making a claim and they’ll work out the best course of action in your case.
How To Secure The Help Of A Data Breach Solicitor
So, if you decide you’d like a solicitor to help you make a claim, how do you choose the best one to represent you? Some people will take to the internet and read online reviews while others will simply look for the most local firm to help them. Another common choice is to ask a friend for a recommendation.
In theory, any of those could help you find the right solicitor to take your claim on, but they could also be time-consuming. You could save that time by calling Legal Expert today. If one of our advisors believes your claim is viable, you’ll be connected with a solicitor who could take your BA data breach claim/British Airways data protection claim on. You can ask them as many questions about how they’ll work for you and what amount of British Airways data breach compensation they hope to achieve before you agree to work for them.
No Win No Fee Data Breach Claim Against British Airways
One of the main reasons people don’t claim personal injury compensation is because they worry about the cost of using a specialist solicitor. To remove that worry and to reduce your financial risks, our team of solicitors offer a No Win No Fee service for any claims they handle.
When you connect with us, your solicitor will verify there’s a reasonable chance of winning the case before providing you with a Conditional Fee Agreement (CFA) to sign. The CFA will outline what work the solicitor will carry out for you and it will also show you that:
- You aren’t expected to pay any fees upfront.
- There are no solicitor’s fees or hidden charges payable while the case continues.
- If your case fails, the solicitor won’t expect you to cover any of their fees.
When a claim is won and compensation received, your solicitor will keep a small percentage to cover their costs. This is called a success fee which is capped by law and listed in the CFA so there are no surprises when your case is finalised.
Start Your Data Breach Claim
To start a claim with Legal Expert today, you can:
- Give us a call on 0800 073 8804 to speak to an advisor for free claims advice.
- Email details of what’s happened to firstname.lastname@example.org.
- Ask for a call back when you start an online claim.
- Use the live chat feature to request advice from a member of our online team.
Where To Find Additional Resources
This is the last part of our guide about making a British Airways data breach compensation claim. To provide additional support we’ve linked to some extra guides and resources for you below:
Local Authority Data Breaches – Advice on starting a claim against the local council following a data breach.
BA Flight Injury Claims – Details on when you could claim for injuries sustained on a British Airways flight.
Cruise Ship Injury Claims – Information on how to claim for injuries or illnesses sustained on a cruise.
Obtain Your Data – Details on how to request copies of your data from companies.
Mood Self-Assessment – Information from the NHS on how to assess your mood and understand how you’re feeling.
ICO Action – An up to date register of action taken by the ICO for recent data breaches.
BA Data Breach Claim FAQs
When was the British Airways data breach?
This took place over the course of August and September 2018.
What happened within this data breach?
More than 420,000 customers would see hackers steal their personal information.
How much would BA be fined by the ICO?
The ICO’s fine for British Airways would eventually total £20 million.
Could I claim compensation after the BA data breach?
If you can prove that you’re a victim of the situation, then you could make a compensation claim.
How would I know if my data was stolen within the BA breach?
You would be wise to contact BA themselves to see if you’re amongst the victims.
How long do I have to make a claim?
You have several years after the data breach, with the time limit varying depending on the situation.
When could I receive my compensation?
This comes once a settlement is agreeable between your legal representation and BA.
And who could manage my British Airways data breach claim?
Legal Expert can do this; please get in touch to see how we can help you.
Thank you for reading our BA data breach claim/British Airways data protection guide. We hope you now know more about how to claim BA data breach compensation.