Compensation lawyers are ramping up their efforts to corral British Airways customers to file claims against the airline following the Information Commissioner’s Office “notice of intent” to fine the business £183.39m under GDPR.
Two UK law firms, SPG Law and Hayes Connor, are suing the airline for damages on behalf of customers who they claim have been affected by the breach, even though BA insists there is no evidence the compromised data – which included name and address, log in, payment card, and travel booking details – has been abused.
The personal information of about 500,000 customers was compromised in the 2018 attack.
SPG Law – the UK division of US law firm Sanders Phillips Grossman – launched its £500m group action against the airline in September last year, just hours after BA fessed up to the hack attack.
In a statement, the legal firm said: “BA’s response has been to only offer to reimburse customers who suffer direct financial losses and to offer credit rate monitoring. This is not good enough.
“Under Article 82 of GDPR you have a right to compensation for non-material damage. This means compensation for inconvenience, distress and annoyance associated with the data leak. BA have treated their customers poorly over the past few years and it is time to stand up to them and take action.
“By joining a group action with thousands of others like you led by the experts at SPG Law, you have the best chance of ensuring you receiver (sic) the highest compensation possible from BA.”
It added: “We are passionate about winning this case and are determined to hold BA to account” and boasted: “In the USA, our sister firm Sanders Phillips Grossman has already won over $1 billion of compensation for consumers in similar cases.”
Meanwhile Hayes Connor said: “We are experts in data breach cases, and, once you have registered with us, it’s not uncommon that we uncover information that allows us to increase the value of your claim significantly. What might seem irrelevant to you, could make a huge difference in the eyes of the law.
“That’s why it’s important not to be fobbed off by a low initial offer from British Airways. Instead, by making a no-win, no-fee claim with us, we can increase the amount of compensation you receive substantially.”
While admitting “each case is different”, Hayes Connor says it expects to claim up to £5,000 per person, SPG Law, however, is not quite so bullish, insisting claimants “could be eligible for up £2,000 or more”.
As far back as October 2017, Decision Marketing reported on the emergence of an army of “no win, no fee” compensation lawyers seeking to exploit GDPR data breaches.
At the time, Robert Bond, a partner at law firm Bristows, said: “The area we foresee [being used] is emotional distress – having ambulance-chasing lawyers saying, ‘have you lost sleep because your data might have been exposed?’ You can imagine, if a million people make a claim of £1,000 each, that dwarfs any of the other fines.”
But law firms are not just chasing claims under GDPR. Last year, Ashfords LLP, which has offices in the South-West as well as a significant presence in London, launched action against Facebook over the Cambridge Analytica scandal, claiming that users could be in line for up to £12,500 each in compensation.
However, so far not a single penny has been paid in data breach compensation cases. One of the first UK class actions, launched in 2015 against Morrisons following the theft of employee data, has been bounced round the High Court like a tennis ball.
In December 2017, the High Court ruled in the claimants’ favour; Morrisons then appealed but this was booted out in October 2018, but in April this year Morrisons won the right to have the case heard in the Supreme Court. A date has yet to be set for the hearing.
BA faces record £183m GDPR fine for data meltdown
Law firm launches group action over BA data breach
British Airways grovels as 380,000 hit by data breach
Data breach complaints soar by 160% in three months
British Airways grounded as data privacy storm erupts
Morrisons loses appeal against data breach pay-out
Top law firm sets up Facebook UK compensation scheme
Thousands of Morrisons staff to get data leak pay-off
Morrisons staff start High Court fight over 2014 breach
Morrisons staff take legal action over 2014 breach
Brace yourselves for the GDPR data ambulance chasers