[Updated] 2018 data breach : BA fined £20 million
#226
FlyerTalk Evangelist
Join Date: Mar 2010
Location: JER
Programs: BA Gold/OWE, several MUCCI, and assorted Pensions!
Posts: 32,139
#227
Suspended
Join Date: Sep 2018
Location: Somewhere in the Air
Programs: BA GGL, *A Silver, OW Emerald, HH Diamond, Karahi Express
Posts: 554
#228
FlyerTalk Evangelist
Join Date: Nov 2011
Location: Brighton. UK
Programs: BA Gold / VS /IHG Diamond & Ambassador
Posts: 14,167
No it wouldn't because the 'unlawful' bit is in relation to if you aren't the intended recipient.
You are the intended recipient and it's OK to pass it onto your legal representative.
You are the intended recipient and it's OK to pass it onto your legal representative.
#229
Join Date: Jan 2016
Location: York, UK
Programs: BAEC Gold, Honors Diamond
Posts: 1,183
Further to your recent email, please see a little more information about the advertisement happening on BA over the recent period.
- The ICO money £183 million (€204 million) will go to the government coffers and not the affected customers. However, the fact that ICO (Information Commissioner's Office) has fined BA is a good indication that they have breach the regulations and this will support the claim moving forward. They will still need to be part of the claim to recover civil damages, this is the only avenue open to customers to recover compensation.
With this being said, we must wait for ICO’s report to see how supportive it is but given that they have issued a record fine it is safe to say that it thinks that BA has breached the data regulations.
Once we receive the report from ICO will provide you with a further update.
- The ICO money £183 million (€204 million) will go to the government coffers and not the affected customers. However, the fact that ICO (Information Commissioner's Office) has fined BA is a good indication that they have breach the regulations and this will support the claim moving forward. They will still need to be part of the claim to recover civil damages, this is the only avenue open to customers to recover compensation.
With this being said, we must wait for ICO’s report to see how supportive it is but given that they have issued a record fine it is safe to say that it thinks that BA has breached the data regulations.
Once we receive the report from ICO will provide you with a further update.
#230
Suspended
Join Date: Sep 2018
Location: Somewhere in the Air
Programs: BA GGL, *A Silver, OW Emerald, HH Diamond, Karahi Express
Posts: 554
"please see a little more information about the advertisement happening on BA over the recent period." - What does this actually mean??
I called SPG today ...
1st lady who answered my call was barely hearable ... had to ask her to talk louder. I asked to be put through to someone working the BA Case. She did.
2nd lady was also bearly hearable and sounded like she wasn't interested. She asked for Name and Case Reference and basically said ... oh that is handled by a different department and she did not know who was in from that department. She then said, oh we don't have a telephone number for your case reference. And then tried to fob me off with let me take your number and I will ask them to call you back. I gave her my number and insisted that she put me through to someone.
After being on hold for 2 minutes ... a gentlemen answered and referred to me by name.
He basically informed me that they are waiting to see BA's to response to the ICO (28 days from ICO notice), however feel that the civil case against BA has a strong case given the ICO decision.
He informed me that SPG are planning on bringing the case against BA – hearing supposedly on 4th October at the London High Court "Rolls Building".
Also indicated that BA had not responded to the SPG letter and had instead filed a GLO to the High Court directly. (Normally its the claimants "SPG" that would file the GLO)
Besides that not much new info.
As reported by CityAM (8th July)
https://www.cityam.com/british-airwa...8-data-breach/
The firm has faced legal claims from thousands of customers whose data was stolen as part of the hack, many of whom SPG represents. Instead of replying to a letter from SPG inviting the airline to determine settlement or discuss the terms of a GLO, BA made an application direct to the High Court several weeks ago.
GLOs are usually applied for by claimants and it is “highly unusual” for a defendant to do so, said SPG.
SPG Law Partner Harris Pogust said the firm “cannot evade its responsibility to recompense its victims in full”.
I called SPG today ...
1st lady who answered my call was barely hearable ... had to ask her to talk louder. I asked to be put through to someone working the BA Case. She did.
2nd lady was also bearly hearable and sounded like she wasn't interested. She asked for Name and Case Reference and basically said ... oh that is handled by a different department and she did not know who was in from that department. She then said, oh we don't have a telephone number for your case reference. And then tried to fob me off with let me take your number and I will ask them to call you back. I gave her my number and insisted that she put me through to someone.
After being on hold for 2 minutes ... a gentlemen answered and referred to me by name.
He basically informed me that they are waiting to see BA's to response to the ICO (28 days from ICO notice), however feel that the civil case against BA has a strong case given the ICO decision.
He informed me that SPG are planning on bringing the case against BA – hearing supposedly on 4th October at the London High Court "Rolls Building".
Also indicated that BA had not responded to the SPG letter and had instead filed a GLO to the High Court directly. (Normally its the claimants "SPG" that would file the GLO)
Besides that not much new info.
As reported by CityAM (8th July)
https://www.cityam.com/british-airwa...8-data-breach/
BA applies for litigation order
BA’s woe was compounded when law firm SPG confirmed the embattled airline had applied to the High Court for a group litigation order (GLO).The firm has faced legal claims from thousands of customers whose data was stolen as part of the hack, many of whom SPG represents. Instead of replying to a letter from SPG inviting the airline to determine settlement or discuss the terms of a GLO, BA made an application direct to the High Court several weeks ago.
GLOs are usually applied for by claimants and it is “highly unusual” for a defendant to do so, said SPG.
SPG Law Partner Harris Pogust said the firm “cannot evade its responsibility to recompense its victims in full”.
#231
Join Date: Sep 2003
Location: OSL
Posts: 2,638
For those affected but not keen on joining in the lawsuit, do you think there will be a payout similar to the US Fuel Surcharges, where, if I understand correctly, anyone affected were entitled to compensation. Bar of course the moral implications of this...!
That said, as someone said upthread, if BA will simply give me a 2 year exstension of status at the time, I'd be happy with that...
That said, as someone said upthread, if BA will simply give me a 2 year exstension of status at the time, I'd be happy with that...
#232
Suspended
Join Date: Jan 2003
Location: London, UK.
Programs: SQ LPPS, A3 *G, BA Silver aiming for Bronze
Posts: 1,506
Unless the court were to order a pay out to all those affected which I think is unlikely - a class action is just that and is for the people who signed up for it then I would expect no one else to get anything.
Remember that in BA's eyes, they are the victims here and so won't be paying out a penny to anyone they don't have to and I suspect if they could use the data from the class action which they probably can't then Exec Club accounts would be closed on the claimants.
Remember that in BA's eyes, they are the victims here and so won't be paying out a penny to anyone they don't have to and I suspect if they could use the data from the class action which they probably can't then Exec Club accounts would be closed on the claimants.
#233
FlyerTalk Evangelist
Join Date: Mar 2010
Location: JER
Programs: BA Gold/OWE, several MUCCI, and assorted Pensions!
Posts: 32,139
and I suspect if they could use the data from the class action which they probably can't then Exec Club accounts would be closed on the claimants.
#234
Suspended
Join Date: May 2011
Location: London
Programs: *A G, OW S.
Posts: 996
Remember they can close Exec Club accounts at their discretion. There's nothing in mine so they can close away but it may happen.
#235
Join Date: Sep 2014
Location: Brexile in ADB
Programs: BA, TK, HHonours, Le Club, Best Western Rewards
Posts: 7,067
They still have to act fairly. Discrimination based on enforcing your legal rights I doubt would go down well in court, let alone causing massive upset to a portion of you most profitable customers.
#236
Suspended
Join Date: Sep 2018
Location: Somewhere in the Air
Programs: BA GGL, *A Silver, OW Emerald, HH Diamond, Karahi Express
Posts: 554
Withdraws consent to Clause 4 “Protection of Members Data” or misconduct or fraud.
#237
Join Date: Jul 2005
Location: London, ARN, HEL, ..... or MAN
Programs: BA GGL / GFL, Mucci Diamond!, HH Diamond, Radisson Premium, IHG Gold, Hertz Gold
Posts: 5,873
Even if it were an inside job, PCI sets requirements on proper access control to privileged accounts, the regular changes of passwords etc. It’s explicitly called out - it’s not all about coding standards, it’s also about controlling who has access to what and I expect that would have also been part of the ICO investigation.
#238
Join Date: Jan 2019
Posts: 44
Getting quite frustrated with this. I paid for some seat bookings directly with BA in mid July 2018 on a business card I don't really use for anything else.
I didn't get any emails from BA to say I'd been part of the breach. But in January this year I had a call from Amex when various high value transactions were attempted on my Amex card - my details had been compromised.
I emailed BA to find out if my data was included in the breach but they have never bothered to respond.
It's difficult because BA's own site lists the dates between which data was stolen as August to September 2018 - but various third party sites suggest the breach went back as far as June 2018 for certain bookings.
Has anyone actually had BA to admit compromising their data earlier than 21st August 2018?
I didn't get any emails from BA to say I'd been part of the breach. But in January this year I had a call from Amex when various high value transactions were attempted on my Amex card - my details had been compromised.
I emailed BA to find out if my data was included in the breach but they have never bothered to respond.
It's difficult because BA's own site lists the dates between which data was stolen as August to September 2018 - but various third party sites suggest the breach went back as far as June 2018 for certain bookings.
Has anyone actually had BA to admit compromising their data earlier than 21st August 2018?
#239
Suspended
Join Date: Sep 2018
Location: Somewhere in the Air
Programs: BA GGL, *A Silver, OW Emerald, HH Diamond, Karahi Express
Posts: 554
Getting quite frustrated with this. I paid for some seat bookings directly with BA in mid July 2018 on a business card I don't really use for anything else.
I didn't get any emails from BA to say I'd been part of the breach. But in January this year I had a call from Amex when various high value transactions were attempted on my Amex card - my details had been compromised.
I emailed BA to find out if my data was included in the breach but they have never bothered to respond.
It's difficult because BA's own site lists the dates between which data was stolen as August to September 2018 - but various third party sites suggest the breach went back as far as June 2018 for certain bookings.
Has anyone actually had BA to admit compromising their data earlier than 21st August 2018?
I didn't get any emails from BA to say I'd been part of the breach. But in January this year I had a call from Amex when various high value transactions were attempted on my Amex card - my details had been compromised.
I emailed BA to find out if my data was included in the breach but they have never bothered to respond.
It's difficult because BA's own site lists the dates between which data was stolen as August to September 2018 - but various third party sites suggest the breach went back as far as June 2018 for certain bookings.
Has anyone actually had BA to admit compromising their data earlier than 21st August 2018?
Email Received Friday, September 7, 2018, 3:19 AM GMT+2 - "From 22:58 BST 21 August 2018 until 21:45 BST 5 September 2018 inclusive, the personal
and financial details of customers making or changing bookings at ba.com, and on our app
were compromised. The stolen data did not include travel or passport information."
Email Received Friday, October 26, 2018, 10:40 AM GMT+2 - "On 6 September 2018, we regrettably announced that we were the target of a criminal data
theft involving the personal and financial details of customers making or changing bookings
at ba.com, or via the British Airways app.
Since then we’ve been conducting a thorough investigation with specialist cyber forensic investigators, liaising with the National Crime Agency. As a result of the investigation I am
writing to let you know that you may have been affected by the data theft, when you made a
reward booking between 21 April and 28 July 2018.
Hope that helps.