world of aviation logo

British Airways settles class-action lawsuit over 2018 cyber attack

written by Isabella Richards | July 7, 2021

A British Airways Boeing 787 Dreamliner (Source: BA)

British Airways has settled a UK class-action lawsuit following a major cyber security attack in 2018 where nearly half a million customers had their data released.

The settlement cost was not disclosed, however, it is known that the deal between the IAG-owned carrier and law firm PGMBM did not include any admission of liability on the part of the airline, according to Bloomberg.

Though, the case was filed under the European Union’s General Data Protection Regulation; and the regulator has been known to continuously increase the costs of fines in similar cases, as cyber attacks continue to occur.

“The pace at which we have been able to resolve this process with British Airways has been particularly encouraging and demonstrates how seriously the legal system is taking mass data incidents,” said Harris Pogust, chairman of PGMBM, said in an emailed statement.

The data breach was first reported in June 2018 to the UK Information Commissioner’s Office.

In June 2018, British Airways was found in breach of data laws, where customer information was compromised by poor security management such as released log in details, credit card information, payment card information, names, booking details and address information.

According to the ICO, the user traffic of nearly 500,000 customers was diverted to a fraudulent website where customer details, including credit card information, were harvested by hackers.


In 2019, the UK Information Commissioner’s Office (ICO) had issued British Airways a £183.39 million fine after the personal data of half a million customers was compromised.

However, last year due to the pandemic, British Airways suffered a £2 billion annual financial loss, causing the company to furlough thousands of workers and cut flights for months. Because of this, the ICO reduced the fine for the breach to just £20 million, to mitigate the airline’s debts.

Cyber attacks like this have rapidly infiltrated large corporations over the past few years, but especially airlines.

Last year, the ICO fined Hong Kong’s Cathay Pacific £500,000 for also failing to protect almost 9.5 million customers after personal details were exposed.

Earlier this year, data across numerous airlines had been exposed due to a highly sophisticated cyber attack on an IT system, Sita, which serves roughly 90 per cent of the global aviation industry.

Industry sources have expressed over the years that airlines are most vulnerable to cyber attacks more often than other industries as they are a gold mine of holding the highest quantity of personal data and information.


Each day, our subscribers are more informed with the right information.

SIGN UP to the Australian Aviation magazine for high-quality news and features for just $99.95 per year