Get Expert Advice 0151 724 7121

Compensation up to £16,000 British Airways Breach of Data


British Airways could face an estimated £183 million fine by the Information Commissioner’s Office (ICO) due to their failings to secure the customers of British Airway’s private data.  This could lead to its customers who have had their data breached, stolen or shared for example to make a compensation claim against British Airways.  The compensation for a claim may about to about £16,000 for the most serious breach and an average pay out of about £6,000.  Smaller compensation sums between about £1,000 to say £2,500 are thought to be payable where a British Customer has not suffered any loss but may have been more than inconvenient about their own personal data loss.


500,000 Plus British Airways Customers May be Entitled to Compensation

To be entitled to Compensation, our leading solicitor, Mr Ronnie Hutcheon summarises what is required to claim:

  1. You were a Customer between 21.08.18 to 05.09.18.
  2. You made a booking online or through an App British with Airways between the above dates.
  3. You have received confirmation that you have been affected by the loss.

In September 2018 it was revealed the airline had suffered a data breach, described as “a very sophisticated, malicious attack” by British Airways’ Chief Executive Mr. Alex Cruz.

British Airways have explained that they are “investigating, as a matter of urgency, the theft of customer data between 22:58 BST August 21 2018 until 21:45 BST September 5 2018 from our website,, and our mobile app”.

The exact circumstances of the data breach have not been confirmed, so as to avoid compromising the on-going police investigation, however the ICO has revealed in its investigation that “a variety of information was compromised by poor security arrangements” being implemented by the airline.

The airline initially disclosed in September 2018 that 380,000 customers were affected by the breach, however a month later this figure rose to 500,000+ after it was revealed that a further 185,000 customers had also fallen victim to the scandal.

This data breach is the latest technical issue facing British Airways after a systems outage in May 2017 caused all flights from several London airports to be grounded for a day.

British Airways – Claim compensation now, click on the contact us link below:


How Much Compensation for British Airways Breach?

There can be a vast range of awards for compensation from £several hundred pounds to report of up to £16,000.  The latter will arise where a customer of British Airways has had very personal data breached, suffered stress and anxiety due to the loss and may have even been subject to financial loss.

Below is a summary of some awards that has been made over the years due to data breach and loss.


CaseData breachCompensation
Campbell v MGN Ltd [2004] UKHL 22Publication of articles/photographs disclosing private information£2,500 plus aggravated damages of £1,000
Archer v Williams [2003] EWHC 1670 (QB)


Disclosure of medical information£2,500
Applause Store Productions Limited v Raphael [2008] EWHC 1781


False defamatory profile and group on Facebook£2,000 plus award for libel totalling £20,000
Weller v Associated Newspapers Ltd [2014] EWHC 1163 (QB)


Publication of photographs without consent£10,000
Mosley v News Group Newspapers Ltd [2008] EWHC 1777


Publication of private information relating to sexual practices£60,000
Cooper v Turrell [2011] EWHC 3269 (QB)


Misuse of private information,Claimant 1 £30,000 Claimant 2: £50,000
AAA v Associated newspapers Ltd [2012] EWHC 2103 (QB)


Publication of photographs£15,000
Gulati and others v MGN Ltd [2015] EWHC 1482 (Ch)


Phone hacking£72,500 – £260,250
AAA v Associated newspapers Ltd [2012] EWHC 2103 (QB)


Publication of photographs£15,000
Wooley & Wooley v Nahid Akbar Or Akram [2017] SC Edin 7


CCTV surveillance carried out by a neighbour£17,268
TLT and others v Secretary of State for the Home Department and Home Office [2016] EWHC (QB)


Publication of confidential personal information of around 1,600 applicants for asylum or leave to remain£2,500 – £12,500


It is important to note that if a British Airways Customer wants to claim compensation, they do not have to suffer any financial loss.  The leading case on this decision is Vidal-Hall and others v Google Inc; where the Court of Appeal held that a claim for distress suffered by the privacy breach can sound in damages even though there was no financial loss.

However pre-GDPR the compensation awards were quite low from about £750. But in the celebrity breach of privacy claims for ‘phone hacks’ etc Gulati & Ors v MGN Limited confirmed damages over £250,000.  Misuse of personal data TLT v Secretary of State for the Home Department [2016] EWHC 2217 (QB) compensation amounts between £2,500 to £12,500. Please remember no financial loss was suffered, it was a compensation award for distress caused; for more information on compensation for data breach see our webpage: Data Protection Breach, Compensation, Distress


Intention to fine British Airways £183.39m under GDPR for data breach


The ICO has issued a following statement on their webiste on 08.07.19 :



The ICO’s website further provides the following notice:

British Airways has cooperated with the ICO investigation and has made improvements to its security arrangements since these events came to light. The company will now have opportunity to make representations to the ICO as to the proposed findings and sanction.

ICO has been investigating this case as lead supervisory authority on behalf of other EU Member State data protection authorities. It has also liaised with other regulators. Under the GDPR ‘one stop shop’ provisions the data protection authorities in the EU whose residents have been affected will also have the chance to comment on the ICO’s findings.

The ICO will consider carefully the representations made by the company and the other concerned data protection authorities before it takes its final decision.


What data has been breached?

British Airways state that “the personal and financial details of customers making booking on and our mobile app” between the period above have been “compromised” – although no passport or travel details were included in the breach, the airline accepted that “names, billing address, email address and all bank card details were at risk”.

It has been revealed that details of payment cards, including the number, expiry date and security codes were also illegally extracted from the reservations system.

British Airways Customers Respone

British Airways have been hit with an £183 million fine as a result of the data breach, with reports that the “total proposed fine of £183.9 million would be the biggest penalty ever issued by the ICO”

The proposed fine is estimated to be 1.5% of the company’s 2017 turnover – which comes in the wake of new General Data Protection Regulations which allows fines up to 4% of a company’s global revenue. Previously, the maximum penalty was £500,000 which the ICO fined Facebook in 2018 after user data was breached in relation to the Cambridge Analytica data breach, which saw the harvesting of information from 50 million Facebook profiles.

Information Commissioner Elizabeth Denham states that “when an organisation fails to protect it [personal data] from loss, damage or theft it is more than an inconvenience” and that “those who don’t will face scrutiny from my office to check they have taken appropriate steps to protect fundamental privacy rights”.

The severity of the fine has been described by Rachel Aldighiere, director of the Data & Marketing Association, as being “unprecedented in the UK”; it will certainly send a message to businesses and organisations around the world that personal information must be secure first and foremost.

British Airways

The airlines Chief Executive Mr. Alex Cruz describes being “surprised and disappointed” following the ICO’s findings, believing that British Airways had responded “quickly to a criminal act to steal customers’ data” – he also maintains there is no evidence that there had been any fraudulent activity on the accounts affected by the data breach.  British Airways intends to appeal the proposed fine, despite the fact that the figure could rise to a potential £488 million. The current proposed fine amounts to around £4 for the each of the estimated amount of passengers to fly with the airline in 2019 alone.

Compensation British Airways Breach

Not long after the data breach had happened, British Airways promised that customers that were “financially affected” by the data breach would be “100% compensated” – despite the fact that no fraud has taken place as a result of information being leaked.

The notion that British Airways will only reimburse those suffering financially is not considered sufficient given the severity of the breach.

As per General Data Protection Regulation, Article 82 states that “any person who has suffered material or non-material damage as a result of an infringement of this regulation shall have the right to receive compensation”.

They must be held accountable for the unwarranted feelings of distress placed upon those involved in the data breach.
British Airways has advised those affected to contact their bank or credit card provider and follow their advice, failing to take into account the huge hassle and inconvenience that they have caused for their customers.

To start  your claim please contact us, we operate a NO WIN, NO FEE, NO WORRY claim so you have nothing to close.

Start Your Claim

We’re ready to start working with you

Call Us

Call our legal helpline to talk to an expert now.
0151 724 7121

Request a Callback

We can call you back at a time of your choosing. 
Request Callback

Claim Online

Start your claim online and get started quickly.
Start Your Claim Online