Law firm seeking leak victims to launch £500m suit at British Airways

Prosecutors rub their hands with glee

By John Leyden


British Airways faces a £500m lawsuit over its recent mega-breach that exposed payment card details of 380,000 customers.

The airliner last week apologised and offered to compensate customers for any direct financial loss for the attack that took place between 21 August and 5 September via its website and app.

However, an group-action suit* led by SPG Law contends BA has not gone far enough and should be paying travellers for the "compensation for inconvenience, distress and annoyance associated with the data leak".

The action points to compensation rights in the European General Data Protection Regulation, which came into effect in May.

SPG Law, the Brit limb of US firm Sanders Phillips Grossman, set up a dedicated micro-site to get victims to sign up to the case.

The firm, which cynics might dismiss as an ambulance chaser, is recruiting participants on a "no win, no fee" basis. It has suggested its offer is the best and most straightforward way passengers might be able to secure up to £1,500 compensation.

SPG Law said it would cap its fees at a maximum of 35 per cent including VAT.

If the case goes to court, SPG Law acknowledged the possibility that the airline may win and might even be awarded legal costs.

"In the event that it is necessary to litigate, we will arrange insurance on behalf of all Claimants who sign up with us," it said. "This will protect you against having to pay BA's costs in the unlikely event that the claim is lost."

British Airways is yet to respond to a request for comment from The Register. ®


*A group-action lawsuit is the English law equivalent of a class-action lawsuit. SPG Law is also "campaigning" to mount a group-action lawsuit over the VW emissions scandal on behalf of affected drivers. The firm is acting just days after the breach was disclosed and before the dust has settled and the facts are known.

Sign up to our NewsletterGet IT in your inbox daily


More from The Register

'World's favorite airline' favorite among hackers: British Airways site, app hacked for two weeks

380,000 payment cards, personal info slurped by crooks

Revealed: British Airways was in talks with IBM on outsourcing security just before hack

Exclusive El Reg leaked memo sent weeks before crooks swiped payment cards

British Airways hack: Infosec experts finger third-party scripts on payment pages

Airline yet to reveal breach's cause

Card-stealing code that pwned British Airways, Ticketmaster pops up on more sites via hacked JS

Feedify's whack-a-mole with MageCart malware miscreants

Vision Direct 'fesses up to hack that exposed customer names, payment cards

Data including CVV numbers slurped up as customers submitted it to website

Cathay Pacific hack: Personal data of up to 9.4 million airline passengers laid bare

Passport numbers, credit card info etc – combo of stuff leaked 'varies for each' poor sod

BBC micro:bit vendor Kitronik says customers' deets nicked, fingers Magecart malware

We're one of 7,000 victims here, firm insists

Payment-card-skimming Magecart strikes again: Zero out of five for infecting e-retail sites

Customer ratings plugin treated to a malicious rewrite to swipe entered banking info

SMBs: We don't want to spoil all of this article, but have you patched, taken away admin rights, made backups yet?

Backgrounder If yes, wow, you're well ahead of the game

BA staff to google for snaps, dirt on biz-class passengers

Airline denies building secret dossiers on VIPs