In June 2018, British Airways (“BA”) fell victim to a hack, exposing the payment details of more than 400,000 customers. In response, the UK’s data protection authority, the Information Commissioner’s Office (“ICO”) started an investigation. Since the BA hack occurred in June 2018, i.e. before the UK left the EU, the ICO investigated the data breach on behalf of all European authorities as lead supervisory authority under the GDPR. The investigation resulted in a 20 million pound fine imposed by ICO on 16 October 2020.
The ICO investigation was quickly followed by a class action suit in April 2020, which is thought to be the biggest claim for a data breach in British legal history. In July 2021, BA announced that it had reached a settlement with a number of the claimants. As the contents of the settlement agreement remain confidential, it is unclear how many of the affected claimants will receive compensation. Nevertheless, it is expected that the pay-outs amount to 2,000 pounds per claimant.