Cyberattack payouts for British Airways

Abstract concept representation of a data breach.
Travel insurance

Following last week’s cyberattack, in which the personal details of 382,000 British Airways (BA) customers were uploaded to the dark web, the airline could be looking at thousands of pounds in compensation costs – as well as a major fine.

The potential fine for the data breach – should it be found by regulators that BA has breached new European data privacy regulations – could be as high as £897 million. On top of this, the beleaguered airline could also be faced with a number of payouts due, according to law firm SPG Law, to British Airways allegedly compensating customers for ‘direct financial losses’ but not ‘inconvenience, distress’ or ‘the misuse of their private information’. Each individual claim could be as high as £1,250.

“BA is liable to compensate for non-material damage under the Data Protection Act 2018,” said Tom Goodhead, Partner at SPG Law, “and SPG Law will hold them to account.”

A spokesperson for the airline, meanwhile, has said that ‘no customer will be left out of pocket … the airline has guaranteed that financial losses suffered by customers directly because of the theft of this data from British Airways will be reimbursed’.

Travelinsuranceexplained’s Fiona Macrae commented: “The cyberattack on British Airways last week has no doubt caused huge upset and distress for the customers whose details have been leaked. Although BA has already confirmed that the financial loss their customers have suffered will be reimbursed, this doesn’t mean additional compensation is available through your travel insurance policy. However, customers can approach the Information Commissioner’s Office to pursue a complaint about their data being compromised.”