British Airways has reached a settlement to resolve a class action lawsuit over a data breach in 2018 involving the personal and financial details of hundreds of thousands of customers.
The terms of the deal were kept confidential and the airline did not admit liability but it is understood claimants involved in the case brought by law firm PGMBM are to receive a payout.
It relates to an admission by the airline in September 2018 that customer details had been compromised by hackers in a data theft between 21 August and 5 September.
The number of people affected was later found to be 420,000 customers and staff.
Names, debit and credit card numbers, addresses and email addresses were among details exposed in the incident.
Some passengers were diverted to a fake website, which harvested their data.
A subsequent investigation by the Information Commissioner’s Office (ICO) found BA, at that time, was “processing a significant amount of personal data without adequate security measures in place”.
It recommended a fine of more than £180m though a sum of £20m was later imposed.
PGMBM had revealed in January that the airline could face customer claims totalling £800m – with payouts of up to £2,000 per person.
It had signed up 16,000 people to its claim against BA at that time.
The airline welcomed the settlement while Harris Pogust, PGMBM’s chairman, said: “We are very pleased to have come to a resolution on this matter after constructive mediation with British Airways.
“This represents an extremely positive and timely solution for those affected by the data incident.”