Come Sue With Us! Half a Million Customers of BA Affected by Data Breach Get the Go Ahead to Take Legal Action Against the Airline
British Airways received another blow recently following their 2018 data breach. The High Court ruled that customers affected in the breach are now able to pursue legal action against the company.
So, the British airline giant can now add lawsuits with up to 500,000 customers to their growing list of post-breach consequences. This is in addition to the record fine of £183 million issued by the Information Commissioner’s Office (IOC) earlier this year.
British Airways suffered the massive data breach in August of last year, compromising data of over half a million customers. Poor data security practices enabled hackers to divert customers to a fraudulent site and steal their personal information. This included names, addresses, login information, card numbers, expiry dates and even three-digit CVV codes.
The breach occurred over the course of a two-week period.
Instant Reputational Damage
As with most data breaches where the consumer’s sensitive information is compromised, British Airways saw immediate reputational damage upon announcing the news. With that damage came a hit to the value of their parent company stock, which dropped 4%.
The reputational damage is no surprise. According to a PCI Pal survey, 83% of US consumers, 44% of UK consumers, 43% of Australians and 53% of Canadians will stop spending with a business for several months in the immediate aftermath of a security breach or a hack, which in the airline’s case means a significant decrease in revenue.
On top of losing existing and potential customers, the British airline got fined a record amount of £183 million in July of this year. This amounts to 1.5% of the company’s global turnover. The introduction of the EU’s GDPR meant a significant increase in data breach related fines from a maximum of £500,000 to a maximum of 4% of the organisation’s global turnover.
Paying the record fine does not mean the airline is in the clear. It will also have to deal with significant financial repercussions following the class action lawsuits from affected customers. Another item to add to the list of potential repercussions from poor data security practices.
Companies Must Make Data Security a Priority
Data breaches are still on the increase and regulations stricter than ever before. As a result, companies should make data security and compliance their main priority.
In that vein, the focus shouldn’t be on trying to keep the hackers out. Rather, businesses should prioritise encrypting what data they have and where, and ensuring there’s no data for hackers to steal in the first place.
Interested in learning more about preventative security measures? Download our eBook, PCI Compliant Contact Centres: Maximising Security.