british airways data breach
, ,

Why should you claim compensation for the British Airways data breach

In 2018, almost 400,000 British Airways customers had their bank card details stolen in what is being called one of the most severe cyber-attacks in UK history. In response, the airline is now facing legal action from thousands of people in the UK. As expert data breach solicitors, here at Hayes Connor, we launched a British Airways Data Breach Group Action to help victims of this breach claim compensation. But since then, two more data breaches were uncovered at the airline.

What happened in the 2018 BA data breach?

Cybercriminals carried out a “sophisticated, malicious criminal attack” on the British Airways website. This attack has put the personal and financial details of customers making bookings at risk. In total, about 380,000 transactions were affected.

Along with the financial info stolen, the hackers also gained access to personally identifiable information (PII). If this information gets into the wrong hands, it can be used to undertake identity and financial fraud.

British Airways admitted that the cybercriminals spent more than two weeks accessing data online before the hack was spotted and reported. This increases the risk substantially.

A second BA data breach

To make matters worse, when investigating this case, a second data breach was uncovered. In this instance, 77,000 people had their names, addresses, email addresses and detailed payment information taken. This included card numbers, expiry dates, and card verification value (CVV) numbers

What happened in the 2019 BA data breach?

In the latest British Airways data breach, researchers at security firm Wandera uncovered unencrypted links within BA’s e-ticketing process. Furthermore, they have warned that this vulnerability means that attackers could easily intercept these links. This means that they could access and change the flight booking details and personal information of passengers.

The vulnerability with British Airway’s e-ticketing system may have also exposed sensitive passenger information.

Should you accept compensation from British Airways?

After the first data breach was uncovered, British Airways said that compensation claims would be discussed on an ‘individual basis’. However, it is not up to the airline to dictate the terms of any compensation payments.

At Hayes Connor Solicitors, we are experts in data breach cases, and, once you have registered with us, it’s not uncommon that we uncover information that allows us to increase the value of your claim significantly. What might seem irrelevant to you, could make a huge difference in the eyes of the law. That’s why it’s important not to be fobbed off by a low initial offer from British Airways. Instead, by making a no-win, no-fee claim with us, we can increase the amount of compensation you receive substantially.

Why launch a group action?

A group action is undoubtedly the best way forward for data breach claims of this nature. It allows people with the same type of claim in principle to bring it together on a collective basis to strengthen their overall position and increase their chances of settlement or success in litigation.

Find out more about group actions.

What should you do now?

For anyone worried that their data has been exposed by British Airways, you should:

  1. Determine what was stolen. To protect yourself as much as possible you need to know what kind of information was accessed in the data breach. British Airways should be able to advise you on this
  2. Contact your bank. If any financial information has been stolen, contact your bank or credit card provider immediately and explain that your account is at risk of fraud. As well as issuing a new card, the bank should be able to advise you if it detects suspicious activity on your account
  3. Change your passwords. If an online account (such as an email address) has been compromised, change the password right away. You should also change all other accounts that use the same password, and – if your email could be compromised – any accounts that could be accessed via your email. To keep you safe in the future, create a secure, unique password for each account (you might want to consider using a password manager to do this for you)
  4. Deploy additional security measures. If an app or website offers two-factor authentication to protect an account, use it
  5. Be vigilant. Beware of scammers using your stolen data against you. For example, don’t click on any links in emails asserting to be from your bank and always use the numbers they provide on their website if they ask to talk to you
  6. Sign up for a credit and/or identity-monitoring service. This will help you to monitor your financial accounts and sensitive personal information. Many organisations will offer such services free following a data breach but it’s important to check the small print. Be careful that in accepting any offer you are not giving away your rights to pursue a separate data breach compensation claim at a later date
  7. Keep a record. Make a list of all the accounts that could have been accessed and note down why you are concerned about them
  8. Inform the Information Commissioner’s Office (ICO) about your concerns. At present the ICO is undertaking an investigation into the British Airways Data Breaches. While it does not award compensation, if the ICO believes that the organisation in question broke the law, you can use this information in court to help prove your claim
  9. Contact Hayes Connor Solicitors ASAP. We’ll ensure that you are fully informed on this matter and will notify you about the investigation and your legal rights when making a claim.

Data breaches often have severe consequences for those affected. And crucially, it doesn’t matter if you haven’t lost out financially or have suffered emotionally as a result of the hack. If an organisation has failed to protect your personal data, you have a right to claim compensation. Even if you haven’t suffered as a result.

Furthermore, because we offer no-win, no-fee funding arrangements, you have nothing to lose.

Find out more about no-win, no-fee.

in our British Airways data breach group action compensation claims, you will need you to register with us. We’ll let you know what is happening in this case and if and when you can make a data breach compensation claim.

 FIND OUT MORE

 

 

BA group action
, , ,

Hayes Connor sees surge of interest in British Airways data breach

Since British Airways (BA) customers had their personal data stolen in a series of breaches, we have been contacted by hundreds of people who were put at risk by the airline. And, in good news for consumer-rights, in October 2019, the Court gave its permission for official legal action to be launched against the airline. Since this decision, lots of new clients have contacted us to join our BA group action case.

What happened in the BA group action case?

In 2018, hackers accessed the BA website and mobile app to steal information including card details, addresses, email addresses and travel arrangements. According to an investigation by the Information Commissioner’s Office (ICO), some passengers were taken to a fake website where hackers harvested their details. As a result of this breach, many customers were forced to change their bank accounts or credit cards.

Why is this BA’s fault?

Following an investigation, the ICO found that the hacks were only possible due to inadequate security arrangements at the airline. In response, it is planning to impose a fine of more than £183 million on BA. But, none of this money will go to the victims.

Leading the way when it comes to data breach law

To secure justice for data breach victims, it’s vital that organisations are held to account for their security failures. And, at Hayes Connor, we believe we are the best firm to help BA customers to achieve this. This is because we are a true specialist in data breach law. This is all we do. And, because of this, we have the legal expertise needed to take on big players such as BA. We also have experience in similar huge cases against the likes of Ticketmaster and Equifax.

In addition to our own legal expertise, we also work with expert barristers to help us win our cases. So, we are confident that our team will get the results you deserve.

Crucially, when it comes to making a compensation claim, a lack of care can leave data breach victims open to advice and representation below the standard expected. And this could see you lose out financially as a result.

Our No-Win, No-Fee BA group action makes sure you are protected against all possible costs

At Hayes Connor, we offer a No-Win, No-Fee guarantee. This makes sure our clients are protected and insured against all possible outcomes.

Find out more about what No-Win, No-Fee means.

Why join our BA group action?

At Hayes Connor Solicitors, we have already started a group action claim against British Airways to help victims of this data breach to secure compensation. This means we have everything in place ready for you to join. And, we are using the evidence uncovered by the ICO to make the strongest possible case.

Unlike other UK law firms, we have experience in group action data breach cases. Where cases are very similar, such group actions can be a powerful tool and can have a bigger impact than a single claim.

Don’t miss out on the compensation you deserve!

The deadline to join the BA Group Action has been set by the Court. And, our group action is still open to you to join. You can make a claim even if the theft of your data has not caused you any harm or distress.

However, we would recommend that you join ASAP to give you plenty of time. We are already gathering evidence to give our clients the best possible chance of success. There may also be the chance to secure a settlement before this case gets to Court.

Without joining a group action, hundreds of thousands of people could miss out on the compensation they deserve.

To join our British Airways data breach group action compensation claim, register with us today.

 REGISTER NOW

ba group action
, ,

British Airways data breach group action gets the go-ahead

British Airways (BA) customers have been given permission to launch compensation claims against the airline following a huge data breach in 2018. At the High Court , Mr Justice Warby granted a group litigation order, paving the way for the group action against BA.

What happened in this case?

Last year, almost half a million British Airways customers had their personal data stolen in series of breaches.

Hackers accessed the BA website and mobile app to steal information including card details, addresses, email addresses and travel arrangements. According to an investigation by the Information Commissioner’s Office (ICO), some passengers were taken to a fake website where hackers harvested their details. Also, many customers were forced to change their bank accounts or credit cards.

Earlier this year, the ICO announced its intention to impose a fine of more than £183 million on BA over the breach. The series of hacks, were some of the most severe cyber-attacks in UK history. And they were only possible due to inadequate security arrangements at the airline.

But, while the ICO has the power to impose data breach fines, it does not give this money to victims. That’s why making a compensation claim is so important. Furthermore, we can use the evidence uncovered by the ICO to make a very strong case. So, if your data was put at risk by BA, you should now make a data breach compensation claim.

Join our No Win, No Fee, BA compensation case

At Hayes Connor Solicitors, we have already started a group action claim against British Airways to help victims of this data breach to secure compensation.

We can help you claim compensation for financial losses, as well as for inconvenience and distress. And, following a recent ruling[1], we can now claim on your behalf even if you haven’t suffered financial or emotional damage as a result. The loss of control of your personal information is sufficient grounds to make a claim.

What is a group action case?

A group action claim is where a group of people – sometimes even thousands of people – have been affected by the same issue. Group action cases are also known as class actions or multi-party actions.

With a group action claim, this group of people (the Claimants) collectively bring their cases to court against a Defendant (in this case, British Airways). These victims then fight together to achieve compensation in the High Court of Justice.

Where cases are very similar, group actions can be a powerful tool and can have a bigger impact than a single claim.

Use a data breach expert for the best chance of success

At Hayes Connor Solicitors, we believe that the best way to make big companies pay for their data protection failures is to use a specialist lawyer. Of course, you would expect us to say that – but let us explain why.

We have become a true specialist in data breach law. This is all we do. And, because of this, we have the legal expertise needed to take on big players such as BA, Ticketmaster and Equifax.

In addition to our own legal expertise, we also work with expert barristers to help us win our cases. So, we are confident that our team will get the results you deserve.

Crucially, when it comes to making a compensation claim, a lack of care can leave data breach victims open to advice and representation below the standard expected. And this could see you lose out financially as a result.

Don’t miss out on the compensation you deserve in the BA group action!

Since the data breach, we have been contacted by hundreds of people who were put at risk by BA.

The action that we are taking is still open to you to join. But, as we have already started our group action case, it is vital that you register with us ASAP.

To join our British Airways data breach group action compensation claim, register with us today.

REGISTER NOW


[1] Lloyd v Google

BA data breach
, ,

BA one of many airlines to expose sensitive passenger information

A vulnerability with British Airway’s e-ticketing system has exposed sensitive passenger information. This flaw could allow a “malicious actor” to change the flight booking details and personal information of passengers. It also means that customer information could be exposed and fall victim to cybercriminals. The data at risk is thought to include:

  • Email addresses
  • Phone numbers
  • Membership numbers
  • First and last names
  • Booking references, itineraries, flight numbers, flight times, seat numbers and baggage allowances.

Worryingly, BA is not alone. Similar security bugs have also been found at several other airlines. This includes Southwest, KLM, Air France, Jetstar, Thomas Cook, Vueling, Air Europa and Transavia.

Speaking about the risk to passengers, Israel Barak, chief information security officer at cybersecurity company Cybereason, said: “For the consumer flying with British Airways, or with other carriers, they should be working under the assumption that their personal information has been compromised many times over.“

Is British Airways taking this e-ticketing data breach seriously?

Shockingly, it doesn’t seem to be. In fact, while the flaw was discovered in July, the researchers who found it (and whole told BA about it), claim that the problem still exists. This is particularly galling as, just a few weeks ago, the ICO announced plans to fine British Airways a whopping £183.93 million for ANOTHER data breach.

Questions must be asked about what it will take to make BA meet its legal responsibilities and protect its passengers.

Who has been affected by the BA e-ticketing data breach?

It is estimated that 2.5 million connections were made to the affected British Airways domains over the past six months. So, the potential impact is thought to be “significant.”

Cybersecurity scandals have plagued British Airways

Airlines must take action to ensure that all steps where personal information is accessible are secure. And for BA, with a history of data protection failures, this must become an urgent priority.

  • In September 2018, approximately 380,000 card payments were compromised after BA’s website and mobile app suffered a security breach
  • When investigating this case, a second data breach was also uncovered. In this instance, 77,000 people had their names, addresses, email addresses and detailed payment information taken. This included card numbers, expiry dates, and card verification value (CVV) numbers. Also, a further 108,000 people had their personal details stolen.

Can you make a BA data breach claim?

At Hayes Connor Solicitors, we are helping hundreds of BA passengers to claim compensation following the 2018 BA data breach.

However, at the moment, it is unclear if the exposure of personal and sensitive data in this latest breach has led to any customers suffering losses as a result. If you feel that you may have been affected, and have evidence of any loss or fraudulent activity, please let us know. We’ll keep you informed about this case and let you know if, and when, you can claim.

You can also contact us if you are worried that your data has been exposed by another airline.

The BA data breaches were able to happen as the airline failed to implement reasonable and robust security processes. So, claiming compensation isn’t just in your best interests. The only way organisations will be persuaded to take their responsibilities seriously is by taking strong and decisive action.

REGISTER NOW 


Data protection solicitors

At Hayes Connor Solicitors, we are committed to upholding the data protection rights of our clients. For more advice on your rights, and how to keep your data safe, follow us on Twitter and Facebook.

 

british airways data breach
, ,

ANOTHER British Airway’s Data Breach

Yes, that was our reaction too! A vulnerability with British Airway’s check-in procedures has, once again, exposed passenger information. Astonishingly, this comes just weeks after The ICO announced plans to fine British Airways £183.93 million for its 2018 data breach.

What has happened in the third BA data breach?

Researchers at security firm Wandera have uncovered unencrypted links within BA’s e-ticketing process. They warned that this vulnerability means attackers could easily intercept these links to access and change the flight booking details and personal information of passengers.

A spokesperson from Wandera said:

“In an effort to streamline the user experience, passenger details are included in the URL parameters that direct the passenger from the email to the British Airways website where they are logged in automatically so they can view their itinerary and check-in for their flight.

 “The passenger details included in the URL parameters are the booking reference and surname, both of which are exposed because the link is unencrypted.”

Email addresses, phone numbers, membership numbers, first and last names, booking references, itinerary, flight numbers, flight times, seat numbers and baggage allowances could also be exposed.

BA is not alone

The threat was discovered last month. It came to light after someone from the Wandera research time accessed BA’s e-ticketing system from its network. But BA is not alone. The security firm also discovered similar weaknesses affecting several other airlines. This includes Southwest, KLM, Air France, Jetstar, Thomas Cook, Vueling, Air Europa and Transavia.

Speaking about the risk to passengers, Israel Barak, chief information security officer at cybersecurity company Cybereason, said:

“For the consumer flying with British Airways, or with other carriers, they should be working under the assumption that their personal information has been compromised many times over. “

Already helping hundreds of BA passengers to claim compensation following the 2018 BA data breach, data protection expert and managing director at Hayes Connor Solicitors Kingsley Hayes added his insight into this matter. He said:

“While this latest issue is not limited to British Airways, after recently experiencing two high-profile data breaches, the company should be taking customer security far more seriously.

“You would have thought that – at the very least – BA would have ensured robust encryption was in place at each and every point personal information is processed. But clearly, the threat of a huge fine from the ICO isn’t enough for BA to take its data protection responsibilities seriously enough.

 “The airline must now undertake an in-depth and thorough review of all its processes to make sure that it isn’t putting customers at further risk of cybercrime. Although, that might be too little too late given the damage already done.”

Can you make a BA data breach claim?

It is unclear if the latest breach has led to any customers suffering losses as a result. If you feel that you may have been affected, and have evidence of any loss or fraudulent activity please let us know.

Or, find out more about joining our 2018 data breach group action here.

The BA data breach was able to happen as the airline failed to implement reasonable and robust security processes. So, claiming compensation isn’t just in your best interests. The only way organisations will be persuaded to take their responsibilities seriously is by taking strong and decisive action.

REGISTER NOW

ba data breach
, , ,

What evidence do you need to join the BA data breach?

The ICO has announced plans to fine British Airways (BA) a whopping £183.93 million for its 2018 data breach. As a result of the BA data breach, almost 400,000 British Airways customers had their personal details and bank cards stolen. Enough details were exposed to make the threat of cybercrime a real possibility. Many banks had to cancel and re-issue cards as a result of the breach.

While cybercriminals caused the breach, the ICO is coming down strong on BA. This is because the privacy violation was only possible due to inadequate security arrangements at the airline.

However, while the ICO has the power to impose data breach fines, it does not give this money to victims of the data breach. As such, we have launched a group action to help victims of the BA data breach to get the compensation they deserve. And, we are currently collating valuable information about how this privacy violation has affected people to help us make the strongest claim possible.

What do you need to join our BA data breach?

To join our BA group action, we need evidence that your data was put at risk by the data breach. British Airways claims that it has emailed everyone involved in the violation, so if you still have that email, we can use that to start your claim.

However, in some cases, victims of the British Airways breach may not have received this email. For example, it might have gone into your spam folder. As such, we would advise you to check to make sure you haven’t received an email from the company (but do not click on any suspicious links).

Of course, if the email did go into your spam folder, it may have already been automatically deleted. If this is the case, you will need to provide alternative evidence.

If you haven’t got the email from BA, you can provide:

  • Evidence that you purchased tickets from BA on or between 22.58 on the 21st August 2018 and 21.45 on the 5th September 2018. Only people who bought tickets during this specific timeframe were impacted by the data breach
  • Evidence of any fraudulent transactions/attempts/alerts/cancelled cards that relate specifically to the card you used to purchase tickets from BA
  • Confirmation that, as far as you are aware, your card was not put at risk by another data breach.

What if you haven’t suffered any losses?

If you did use your card to purchase tickets during the above period, but haven’t yet been the victim of any fraudulent activity, this doesn’t mean that you are safe. Often data stolen by cybercriminals is used in batches over time. So, the losses incurred by a data breach are not always immediately apparent.

As such, if you used your card during the affected period, and are worried that you could be at risk, you can still let us know.

What can you do if you were affected by the British Airways data breach?

At Hayes Connor Solicitors, our BA group action allows people affected by this breach to bring a claim on a collective basis. This strengthens their overall position and increases their chances of success.

The BA data breach was able to happen as the airline failed to implement reasonable and robust security processes. So, claiming compensation isn’t just in your best interests. The only way organisations will be persuaded to take their responsibilities seriously is by taking strong and decisive action

To join our British Airways data breach action compensation claim, register with us today. We can help you claim compensation for financial losses, as well as for inconvenience and distress.

REGISTER NOW

british airways breach
, ,

Don’t leave it too late to join the British Airways data breach

This week, the ICO said that it is considering fining British Airways a staggering £183 million for its part in one of the most severe cyber-attacks in UK history. This is because, while cybercriminals hacked the airline, the British Airways data breach was only possible due to inadequate security arrangements.

As a result of the data hack, almost 400,000 British Airways customers had their personal details and bank cards stolen. Enough details were exposed to make the threat of cybercrime a real possibility. Many banks had to cancel and re-issue cards as a result of the breach.

Don’t leave it too late to join our No Win, No Fee, BA data breach compensation case

At Hayes Connor Solicitors, we are taking a group action against British Airways to help victims of this data breach to claim compensation. We can help you claim compensation for financial losses, as well as for inconvenience and distress.

Make sure you don’t miss out on the compensation you deserve!

Since the data breach, we have been contacted by hundreds of people who were put at risk by BA. And, if you have been in touch about joining this case, it’s vital that you now complete and return the information we have sent to you (links included in our initial documentation).

If you have misplaced this information, or if you require copies, please do not hesitate to email us at enquiries@hayesconnor.co.uk

What if you haven’t previously contacted Hayes Connor Solicitors about the BA data breach?

The action that we are taking against BA is still open to you to join. But, as we have already started our group action case, it is vital that you register with us ASAP.

What is a group action case?

A group action claim is where a group of people – sometimes even thousands of people – have been affected by the same issue. Group action cases are also known as class actions or multi-party actions.

With a group action claim, this group of people (the Claimants) collectively bring their cases to court against a Defendant. In this case, British Airways. These victims then fight together to achieve compensation in the High Court of Justice.

Where cases are very similar, group actions can be a powerful tool and can have a bigger impact than a single claim.

What does the ICO fine mean for this case?

Investigating why the British Airways data breach was able to happen, the ICO found that information was able to be compromised by inadequate security arrangements at BA. This means that BA will be held responsible for its failure to protect customer data. But, while the ICO has the power to impose data breach fines, it does not give this money to victims of the data breach.

However, we can use the evidence uncovered by the ICO to make a very strong case. So, if your data was put at risk by BA, you should now make a data breach compensation claim.

To join our British Airways data breach group action compensation claim, register with us today.

REGISTER NOW

 

British Airways data breach
,

British Airways to be fined £183m after customer data breach

Last year, almost 400,000 British Airways customers had their personal details and bank cards stolen in one of the most severe cyber-attacks in UK history. In response, the airline is now facing a staggering £183 million penalty by the Information Commissioner’s Office (ICO).

However, while the ICO has the power to impose data breach fines, it does not give this money to victims of the data breach. So, if your data was put at risk by BA, you should now make a data breach compensation claim.

What has the ICO said about the British Airway’s data breach?

Commenting on the proposed fine, Information Commissioner Elizabeth Denham said:

“People’s personal data is just that – personal. When an organisation fails to protect it from loss, damage or theft it is more than an inconvenience.

“That’s why the law is clear – when you are entrusted with personal data you must look after it. Those that don’t will face scrutiny from my office to check they have taken appropriate steps to protect fundamental privacy rights.”

British Airways has said that it is surprised and disappointed about the huge penalty.  However, this is still only worth 1.5% of its worldwide turnover. What’s more, under data protection rules, the fine could have been as large as £488 million. So BA could be getting away lightly.

Despite this, BA is hoping to appeal. And, the ICO has said that it will “consider carefully” the representations BA makes as well as other concerned data protection authorities before it takes its final decision.

What did British Airways do wrong?

British Airways customers had their details stolen over 15 days in a massive data breach. The attack put the personal and financial information of customers making bookings at risk. Enough details were exposed to make the threat of cybercrime a real possibility. Also, many banks had to cancel and re-issue cards as a result of the stolen data. In total, about 380,000 transactions were affected.

Investigating why this breach was able to happen, the ICO found that information was able to be compromised by inadequate security arrangements at BA.

Commenting on the proposed penalty, Kingsley Hayes, managing director at Hayes Connor Solicitors said:

“This is the most significant penalty ever handed out by the ICO, and the first to be made public under the new GDPR. With such attacks often having a devastating effect on victims, we are delighted that the ICO is taking the BA data breach so seriously.

“From the start, BA has tried to delay acting on its responsibilities to its customers. For example, when the breach first happened, it said that compensation claims would be discussed on an ‘individual basis’. However, it was never up to the airline to dictate the terms of any compensation payments.

“Following the ICO’s announcement, it looks like the company is still not taking responsibility for its data protection failures in so far as its customers compensation claims are concerned and their lawyers still fail to take a proactive approach to resolving those”.

What can you do if you were affected by the British Airways data breach?

At Hayes Connor Solicitors, we are taking action against British Airways. The action allows people with the same type of claim to bring it together on a collective basis. This strengthens their overall position and increases their chances of success.

The BA data breach was able to happen as the airline failed to implement reasonable and robust security processes. So, claiming compensation isn’t just in your best interests. The only way organisations will be persuaded to take their responsibilities seriously is by taking strong and decisive action

To join our British Airways data breach action compensation claim, register with us today. We can help you claim compensation for financial losses, as well as for inconvenience and distress.

REGISTER NOW

data breach compensation
, , ,

How has the British Airways data breach hurt passengers?

At Hayes Connor Solicitors, we’re helping victims of the British Airways data breach to claim compensation after their personal information was put at risk by the airline. An organisation they trusted to look after it.

But all too often, we hear accusations that the people trying to recover from the BA data breach are “trying to get something for nothing”.

However, data privacy breaches can have a severe and often lasting impact on those affected. As such, we believe it is vital that organisations like BA are held to account for their failure to protect our personal information.

Brand loyalty is all well and good, but it’s vital that we don’t put the needs of big companies above the rights of customers.

Here’s why we believe it’s essential that people are able to hold businesses like BA to account.

The financial impact of cybercrime can be very harmful

Cybercrime can result in financial fraud and identity theft. And the result of either of these can be devastating. With enough information, cybercriminals can apply for credit in your name, set up fraudulent bank accounts and access your existing accounts.

Despite claims from BA that it had not received reports of fraud resulting from the attack on its systems, in November last year it was reported that Russian hackers might have made millions selling credit card details stolen from BA customers.

And, even if nothing has been done with that information as yet, it doesn’t mean the stolen data is safe.

Working exclusively on data breach and cybercrime cases, it has become clear to our solicitors that the impact and losses people sustain following a data privacy violation are not always immediately apparent. Indeed, in the Ticketmaster data breach, we are starting to see cases where the impact only became clear months later. This is often because data stolen is used in batches over time.

To date, 63% of all the clients we took on in the Ticketmaster data breach case suffered multiple fraudulent transactions on their payment cards.

So, as yet it’s impossible to say how many people have been impacted by the BA data breach, and to what extent.

Certainly, according to an article in The Metro, at least one BA customer is reported to have suffered fraudulent activity on their credit card, which was used to book a BA flight during the time the data was at risk.

Your mental health matters

Even if you haven’t lost out financially after a data breach, this doesn’t mean that there is “no harm done.”

Being the victim of a crime can have a sizable and lasting impact on you mentally and physically. Everyone copes differently, but for some the effects can include a lack of sleep, feeling ill, unsettled or confused. Stress can also affect your friends, your family and your job. Some data breach victims become paranoid and oversensitive about their personal privacy and can go on to develop depression.

Thankfully, over the last few years, people are waking up to the reality of mental health, and there is a greater awareness about the lasting effects of psychological suffering and anguish.

For example, following last year’s Ticketmaster data breach, 31% of all our clients involved in this case suffered from distress and/or psychological trauma as a result of having their card details stolen. And, like the financial losses, often the full impact wasn’t felt until much later.

“The effects of crime can also last for a long time, and it doesn’t depend on how ‘serious’ the crime was. Some people cope really well with the most horrific crimes while others can be very distressed by a more minor incident”.

Victim Support

Despite this, the emotional impact of data breaches is still not being taken seriously by those organisations we trust to look after our sensitive information. And we believe this to be true in this case.

Following the BA data breach, the airline said that compensation claims would be discussed on an ‘individual basis’. However, it is not up to the airline to dictate the terms of any compensation payments. And it is certainly not clear how (or indeed if) BA intended to evaluate the emotional impact the data breach had on its customers.

“As a result of increased volumes of data breach incidents, lawyers and experts are using their respective skills to assess the psychological and social consequences, symptoms and ‘injuries’ in reliable and valid ways. Structured interviewing, psychometric assessment and perusal of medical and occupational records are all part of this process”.

Professor Hugh C. H. Koch visiting professor in law and psychology at Birmingham City University School of Law and clinical psychologist

Loyalty works both ways

Should a data breach happen, we would expect the organisation in question to do everything in its power to keep its customers safe and prevent further damage. But this doesn’t seem to be the case following the BA data breach.

Some customers have complained that they have not been contacted by British Airways about the data breach, despite having seen fraudulent activity on their payment cards. Others have complained about BA advising customers to go to their bank for advice, rather than issuing its own instructions to help travellers stay protected.

 Speaking to The Telegraph, one BA customer said: “I saw the tweet, that was the first I knew of it.” He added: “I’ve not heard anything from them on this and I’ve just had to cancel the card I used. They’re a shambles.”

Another customer said she had been left vulnerable after being forced to cancel her bank card while travelling alone in the middle of Vietnam. She tweeted that she was “furious” with the airline and that she only found out about the data breach from news; before BA had the decency to her that she was likely affected.

She went on to tweet: “All companies have problems, some of them will affect their customers. That is a simple fact of business. How the company reacts, communicates & cares, is everything.

“British Airways are failing badly on this. I can’t even get a team manager in their call centre to call me.”

 While another BA customer told the BBC: “I have six cards linked to my BA account. I have no idea how much of my data information has been stolen. I will have to go to each of my credit card providers, cancel the cards, and all the direct debits, etc., related to those cards. This will take a long time, something I have to do with no help from BA”.

 Make a British Airways compensation claim with Hayes Connor Solicitors

At Hayes Connor, we want to reduce the number of data violations taking place across the UK.

To do this, we are helping to raise awareness of data breaches and cybercrime, and educating people and businesses to prevent similar infringements from happening. For more advice on how to keep your data safe, follow us on Twitter and Facebook.

But, where a breach has already occurred, it’s vital that you can recover your losses. We could be talking about one of the most severe data breach cases to hit the UK, so it’s critical that people can get the help they need.

To join our British Airways data breach group action compensation claim, you will need to register with us. We’ll let you know what is happening in this case and if and when you can make a BA data breach compensation claim.

 REGISTER NOW

data breach
, , ,

Should you hold British Airways responsible for its data breach?

At Hayes Connor Solicitors, we’re helping victims of the British Airways data breach to claim compensation after their personal information was put at risk by the airline.

However, in our work we often hear people talking about how companies like British Airways (BA) should not have to pay for the acts of unscrupulous hackers. And it’s true that cybercriminals are becoming increasingly sophisticated. But this doesn’t let negligent organisations off the hook.

The truth is that in most cases, data breaches happen because of a failure to implement reasonable and robust processes. We believe that this was the case at BA.

As such, claiming compensation isn’t just in your best interests. The only way big organisations will be persuaded to take their data privacy responsibilities seriously and make improvements is by hurting their bottom line.

Brand loyalty is all well and good, but it’s vital that we don’t put the needs of big companies above the rights of their customers.

Crucially, if BA had done everything in its power to protect its customers’ data, and had robust security processes in place, it is unlikely that a claim for compensation would be successful. This is why we usually wait for the results of an investigation by the Information Commissioner’s Office (ICO) before starting a group action.

So, was BA responsible for the data breach? Let’s look at the facts.

  1. British Airways didn’t spot the data breach for two weeks

In September last year, it was revealed that almost 400,000 BA customers had their bank card details stolen in one of the most severe cyber-attacks in UK history.

Worryingly, the hack went undetected for two weeks before BA told its customers about the breach and reported the incident to the police. BA has admitted that the hackers spent more than a fortnight accessing data online and we believe that this is a significant failure by BA – one that increases the risk to passengers substantially.

With 12 days between the BA data breach occurring and the incident being detected, questions have been asked as to whether poor systems made this cyber-attack worse.

  1. British Airways uncovered a second data breach when investigating the first

To make matters worse, when investigating this case, a second data breach was also spotted at the airline.

In this instance, 77,000 people had their names, addresses, email addresses and detailed payment information taken. This included card numbers, expiry dates, and card verification value (CVV) numbers. And, a further 108,000 people had their personal details stolen. This hack could have left customers exposed for months.

  1. Hackers could already have made millions from the British Airways data hack

Russian hackers may have made millions selling credit card details stolen from BA customers. Research has found that stolen data was put up for sale on the dark web about a week after the BA breach. Hackers were charging between £7 and £40 (approximately) for each card’s worth of information.

BA says it has not received reports of fraud resulting from the attack on its own systems.

  1. The British Airways hack might have been caused by the same hackers as Ticketmaster

According to reports, a cyber-criminal operation known as Magecart is behind the recent BA data breach. The group has been very active over the past three years. It is also thought to be behind the Ticketmaster data hack.

A report by RiskIQ states that clues link the same operation to the BA breach. The company said the code found on the BA site was very similar. However, the code was modified to suit the way the airline’s website had been designed. Crucially, if RiskIQ, is right about how the attack worked, a cybersecurity researcher has told the BBC that “BA should have been able to see this”. So the hack could have been very easily prevented.

Worryingly, in the Ticketmaster data breach case:

  • 63% of all the clients we took on suffered multiple fraudulent transactions on their payment cards, and
  • 31% of all our clients involved in this case suffered from distress and/or psychological trauma as a result of having their card details stolen and used in fraudulent activity.

What’s more, it is becoming increasingly clear that the impact and losses people sustain following a data breach are not always immediately apparent. Indeed, in the Ticketmaster data breach, we are starting to see cases where the impact occurred months later. This is often because data stolen is used in batches over time.

So, as yet it’s impossible to say how many people have been impacted by the BA data breach, and to what extent.

  1. British Airways has been accused of not taking its responsibilities seriously following the data breach

Following the BA data breach, the airline said that compensation claims would be discussed on an ‘individual basis’. However, it is not up to the airline to dictate the terms of any compensation payments.

In response, customers took to the media to share their fury at the airline’s handling of the privacy violation.

According to an article in The Metro, one BA customer said “They talk about compensation to be discussed on a case-by-case basis. To me, this seems incredibly unprofessional.”

He added: “They are trying to not take full responsibility for it”.

The same customer is reported to have suffered fraudulent activity on his credit card, which he used to book a BA flight during the time the data was at risk.

Some customers have complained that they have not been contacted by BA about the data breach, despite having seen fraudulent activity on their payment cards. Others have complained about BA advising customers to go to their bank for advice, rather than issuing its own instructions to help travellers stay protected.

One BA customer told the BBC: “I have six cards linked to my BA account. I have no idea how much of my data information has been stolen. I will have to go to each of my credit card providers, cancel the cards, and all the direct debits, etc., related to those cards. This will take a long time, something I have to do with no help from BA”.

Make a British Airways compensation claim with Hayes Connor Solicitors

At Hayes Connor, we want to reduce the number of data violations taking place across the UK.

To do this, we are helping to raise awareness of data breaches and cybercrime, and educating people and businesses to prevent similar infringements from happening. For more advice on how to keep your data safe, follow us on Twitter and Facebook.

But, where a breach has already occurred, it’s vital that you can recover your losses. We could be talking about one of the most severe data breach cases to hit the UK, so it’s critical that people can get the help they need.

To join our British Airways data breach group action compensation claim, you will need to register with us. We’ll let you know what is happening in this case and if and when you can make a BA data breach compensation claim.

 REGISTER NOW