Helping victims claim Group Actions worldwide

What next for regulators after the BA cyberattack fine?

Need HELP! Let Us Call You Back...

Your privacy is extremely important to us. Information on how we handle your data is in our Privacy Policy.
You have the right to object to the processing of your personal data.

The Information Commissioner’s Office (ICO) announced that the BA cyberattack fine will be issued at just £20 million following their 2018 data breach.

This came as a shock to many after the ICO announced an intention to issue a fine in the sum of £183 million last year, with the final fine involving a reduction of 90%.

It is thought that the BA fine was reduced so significantly due to the impact of the coronavirus pandemic. The aviation industry in general has seen huge losses in flight and customer numbers as a result of lockdowns in various countries. The ICO appears to have taken this into consideration when issuing the fine, but many believe it is still an insignificant amount to the global airline and that it will not have the desired effect. The big question now is how this could shape regulations and fines in the future, as there is a cause for concern here.

The British Airways data breach

The British Airways data breach affected over 400,000 customers, with highly sensitive data accessible to cybercriminals for a sustained period of time.

Customers who made a booking or changed a booking between 10:58pm on 21st August 2018 and 9:45pm on 5th September 2018 could have been affected by the breach. BA also announced that customers who made a reward booking between 21st April 2018 and 28th July 2018 could also be affected.

The data breach exposed contact details such as names, email addresses and house addresses, as well as payment information. Some victims had their full card details exposed, including the CVV number on the back of the card, meaning victims could be easily targeted for fraudulent payments.

All in all, this was a very serious breach of private information.

Dramatically reduced BA fine

The BA cyberattack fine was expected to be a significant amount due to the highly sensitive nature of the breach. The initial intention to issue £183 million for the BA cyberattack fine was seen as a landmark moment in data breach security. An amount that substantial ought have a significant dissuasive effect on large organisations, aiming to prevent further data breaches at a time when data breaches are occurring almost all the time.

The actual final amount has been deemed as comparably insignificant and risks suggesting that there can be minimal consequences for a data breach, and this could serve to undermine the GDPR. Businesses that can afford to pay dramatically reduced fines may not bother to implement strict security measures and customers may continue to have their personal data exposed.

What next for cybersecurity after such a reduced fine?

Our concern is that the significantly reduced BA cyberattack fine may not lead to the clear deterrent that is needed, and we may see many more big breaches to come. This is not good for anyone, and it seems clear to us that more needs to be done to prevent data breaches as opposed to just dealing with them once the damage has already been done.

The Group Action Lawyers – fighting for justice for BA data breach victims

The Group Action Lawyers is a specialist law firm representing claimants across over 50 different multi-party and Group Actions. We have years of experience in the complex area of data breach law and have pioneered action for privacy breaches since 2014.

If you have been affected by the BA data breach, there is still time for you to join our British Airways Group Action claim here.

We are able to represent eligible victims on a No Win, No Fee basis.

IMPORTANT: advice on this page is intended to be up-to-date for the 'first published date'.

Request a call back from our team

Fill out our quick call back form below and we'll contact you when you're ready to talk to us.
All fields marked * are required.

Your privacy is extremely important to us. Information on how we handle your data is in our Privacy Policy.
You have the right to object to the processing of your personal data.

First published by Matt on December 29, 2020
Posted in the following categories: Data Breach Claims Data Breach Compensation Data Group Actions Latest and tagged with | | | | |


Basildon University Hospital maternity unit rated ‘inadequate’.
Thousands could make Essure compensation claims