Have you been affected by the British Airways data breach?

On Friday 4 October 2019, the High Court ruled that around a half a million British Airways customers were entitled to bring compensation claims against the airline following a data breach in September 2018.

The breach occurred after BA suffered a cyber-attack on its systems and the Information Commissioners Office (ICO) investigated, finding around 500,000 customers had been affected.

What data was breached?

The investigation revealed that personal details, including:

  • payment data
  • names
  • addresses

… were compromised by the hack.

The ICO's investigation found that passenger’s information was lost by poor security including login, payment card and travel booking details as well as customers' names and addresses.

As a consequence, the ICO announced its intention to impose a record fine of more than £183million on BA over the breach. This would represent the largest fine under GDPR to date.

The General Data Protection Regulation (GDPR) was introduced in May last year and means firms can be fined up to four per cent of their annual turnover for data breaches.

How Did This Happen?

The cyber criminals created a scam which diverted BA passengers to a fake website through which their details were harvested by the attackers.

When they became aware of the cyber-breach, BA released a statement and began to contact affected customers.

What Has the Court Said?

The High Court granted a group litigation order at a hearing in London, paving the way for mass legal action against BA. However, the window of opportunity for dealing with this and joining the group litigation is 15 months.

What should I do if my data was breached?

If you are a BA customer who was affected by the data breach then the airline should have contacted you already.

We understand that if you are a customer who booked via or the BA app between 21 August 2018 and 5 September 2018, then you will be affected.

Data Breach Compensation

You have the right to compensation for non-material damage (such as inconvenience and distress) following the data breach by BA. 

We help clients who have suffered distress and anxiety and inconvenience arising out of such data breach claims and we will seek compensation for you against BA.

We will take on your case as a NO-WIN, NO-FEE claim, so there are no costs to bringing the action against BA for the compensation you deserve.

Contact us now!  

Personal Data Breach Claim

This form is for you to complete if you believe your personal data has been compromised by a third party and you wish to bring a civil claim for compensation. At this stage we ask that you do not include any sensitive personal data which may have been involved in the breach when completing this form. For example, if the effect of the breach was that your sensitive medical health records have been wrongly disclosed to someone else, please do not provide us with what the specific details are. This type of information is known as ‘special category’ data and we may ask for it later.


Invalid Input

Email Address

Invalid Input

Phone Number

Invalid Input

Name of the third-party/ organisation

Invalid Input

Address of third-party/ organisation

Invalid Input

How do you know the third-party/ organisation

Invalid Input

About The Breach

What has happened?

Invalid Input

Was the breach caused by a cyber incident?

Invalid Input

How did you find out about the breach?

Invalid Input

When did the breach happen

Invalid Input

What type of your personal information was included in the breach? (tick all that apply)

Invalid Input

If 'Other' selected, please specify

Invalid Input

Potential consequences of the breach

Invalid Input

Please give details of anything else you believe is relevant

Invalid Input

Invalid Input


What our clients say

How can we help you?

To find how our friendly and knowledgeable solicitors can help you, contact us today.

Get in touch - 0151 659 1070