British Airways settles a legal claim made by a group of the airline’s customers and staff whose data had been leaked during the massive data breach incident that happened in 2018.

The UK mediation between claimants and British Airways was resolved on confidential terms, law firm Pogust, Goodhead, Mousinho, Bianchini, and Martins (PGMBM) announced in a statement on July 5, 2021. The airline agreed to pay compensation for qualifying claimants but did not admit liability, the company said. 

British Airways issued a brief statement announcing that it was “pleased [to have] been able to settle the group action”. The airline apologized to the affected customers and staff, whose private data, including names, addresses, and payment card details were breached in 2018. 

Over 420,000 customers and staff personal and financial data were leaked during a cyber-attack incident in 2018. Following an investigation, the UK Information Commissioner’s Office (ICO) deemed that the air carrier had been processing a significant amount of its customers’ data without applying proper security measures. If British Airways had identified and resolved weaknesses of its security measures on time, it could have prevented the 2018 cyber-attack when the data was leaked, the authority believed.

For infringements of the General Data Protection Regulation, the British authority initially planned to fine British Airways with a £183 million (more than $252 million) penalty. However, ICO revised down the fine to £20 million in 2020.