British Airways (BA) has settled the group litigation which was being pursued by over 16,000 claimants following the catastrophic data breach which it suffered in 2018, which is thought to have impacted more than 420,000 customers and staff.   Although the terms of the settlement remain confidential, lawyers acting for many of the claimants have suggested that each claimant could receive up to £2,000.  If that is right, this settlement could see BA paying out approximately £30million in compensation, plus legal costs.

The Information Commissioner's Office (ICO) had already fined BA £20m in its resulting regulatory action - which in itself was a huge reduction from the £183m which the ICO had intended to levy at the airline (the plight of the airline industry in general post Covid being the key factor which the ICO took into account when it reduced the fine - something it may be less ready to do in the future).  

The now settled civil litigation is the biggest group action personal data breach claim in the history of the English courts but is likely to be the first of many as these mass data breaches, and the group actions which arise from them, become more and more common.