British Airways

Opinion: Thousands given green light to sue BA after cyber attack

A recent investigation by the Information Commissioners Office (ICO) found that names, including payment data and addresses, of approximately 500,000 passengers were taken as part of an elaborate attack that saw information – including payment details and addresses -were exposed to the attackers.

Claimants could skyrocket

At a hearing in the UK’s High Court, London, Mr Justice Warby gave the go ahead for the mass legal action. Although British Airways has already been fined £183million over the breach, affected passengers were told they can pursue further legal action if necessary. The ruling cited the ICO investigation, which outlined “poor security arrangements” as the main catalyst for the hack.

The number of claimants could skyrocket after Mr Justice Warby ruled other potential victims of the attack had a 15-month window to join the group legal action.

BA is facing a huge fine and mass legal action as a result of a cyber attack

British Airways announced that it had suffered a cyber attack on its systems last September, forcing the ICO to launch a full investigation into the extent of the hack.

The attack saw the passengers diverted to a fake website where their details were harvested. When BA discovered the breach last September, it informed the Information Commissioners Office (ICO) and contacted affected customers.

Substantial fine

BA is already facing a fine of more than £183 million over the breach, which started in June 2018. An ICO spokesman said the fine is the largest it has handed out since the General Data Protection Regulation came into force last year.

The ICO said BA comprised a variety of information including log in and payment card details with ‘poor security arrangements’. Information Commissioner Elizabeth Denham said she hoped the court ruling sent a message to others to take care of customers’ personal information. She commented: ‘When you are entrusted with personal data you must look after it. ‘Those that don’t will face scrutiny from my office to check they have taken appropriate steps to protect fundamental privacy rights.’

Recent reports show that cyber criminals are reportedly focusing greater efforts on governments, the public sector and healthcare organisations as prime targets.

Protecting policing

It’s comforting to know that the work the NEP is doing across policing will help ensure forces are protected. The National Management Centre (NMC), which is being rolled out across police forces in England and Wales, provides forces with a nationally-supported cyber security protection facility.

The NMC utilises a range of security tools, technologies and a specialist team of analysts that together are responsible for monitoring, hunting and helping to detect unknown, sophisticated and evasive cyber security threats.

Together they will help police forces ensure these threats can be locked down and eliminated before they can cause damage and disruption. The NMC is the first step in the work the NEP is doing to help police forces transform the way they securely and safely work and collaborate, which is a foundation for delivering the Policing Vision 2025.

Back to top
Back to top


Sign up to make sure you get all the latest straight to your inbox