The emotional impact of the British Airways data breach should not be underestimated

British Airways plane grounded on a runway
Share on facebook
Share on twitter
Share on linkedin

In 2018, British Airways customers had their personal details and bank cards stolen in one of the most severe cyber-attacks in UK history. All 38,000 customers who booked flights online – or via the BA app – between 21st August 2018 and 5th September 2018 using a debit or credit card were affected by the British Airways data breach.

This is a clear and serious infringement of data protection laws and a massive violation of customer trust and safety. And, in response, in October 2020, the airline was fined a record £20 million by the Information Commissioner’s Office (ICO).

Following the British Airways data breach, in October 2019, the Court gave its permission for official legal action against the airline. Following this decision, we have launched a group action to hold British Airways to account. However, rather than talking about how victims can make a compensation claim, we want to discuss why they should be able to do so.

The consequences of a data breach can be devastating

It’s important to recognise and understand the potential consequences of a data breach. Especially if we are ever going to see those organisations we trust to look after our sensitive information taking their data security obligations seriously.

Data breaches can be financially devastating, and the British Airways hack went undetected for two weeks before the airline told customers about the breach and reported the incident to the police. So, hackers spent more than a fortnight accessing data online. This is a severe failure by British Airways, and one that increases the risk to passengers substantially.

To make matters worse, when investigating this case, a second data breach was also spotted at the airline. In this instance, 77,000 people had their names, addresses, email addresses and detailed payment information taken. This included card numbers, expiry dates, and card verification value (CVV) numbers. And a further 108,000 people had their personal details stolen. This hack could have left customers exposed for months.

The impact of data hacking can be devastating, and we have seen instances where financial losses only started to occur three to six months later. This is often because data stolen is used in batches over time.

Customers affected by this data breach have reported fraudulent activity on their credit/bank cards. But the risk doesn’t stop there. Following a data breach, phishing scammers often emails, texts, websites, phone calls and social media to attempt to access further information. In fact, according to the Daily Mail, hackers may have already made millions selling credit card details stolen from British Airways customers with customer data stolen from British Airways listed for sale of the dark web.

Many people have experienced psychological distress following the British Airways data breach

In addition to financial loss, the emotional impact of the British Airways data breach should not be underestimated. We all know the impact that theft can have on a person. Following a burglary, people often feel shock, anger, fear, helplessness and panic. These feelings might develop immediately or be experienced much later. Victim Support says that burglary happens when someone breaks into a building with the intention of stealing, hurting someone or committing unlawful damage. And that’s also what cybercriminals do when they steal personal data. So, why should you feel any less upset at having your online data taken; particularly as British Airways effectively gave the burglar the keys?

Some people might believe that claiming for distress is an overreaction. But according to Victim Support:

“The effects of crime can also last for a long time, and it doesn’t depend on how ‘serious’ the crime was. Some people cope really well with the most horrific crimes while others can be very distressed by a more minor incident”.


So, it’s no wonder that, for many people, the British Airways data breach has caused or exacerbated anxiety, stress and other psychological conditions. Why wouldn’t you worry about what could happen if your data got into the wrong hands? And why should we put the needs of big companies above the rights of consumers?

The bottom line is that the law understands the damage that can be caused by worry and upset. So, if you have been the victim of the British Airways data breach, but haven’t lost any money, you still have the right to make a compensation claim. Indeed, victims must be able to seek help and get the compensation they need to get their lives back on track.

Thankfully, over the last few years, people are waking up to the reality of mental health and there is a greater awareness about the lasting effects of physiological suffering and anguish.

Don’t leave it too late to hold British Airways to account


Keller Lenkner UK has launched a group action against British Airways to help victims of this data breach to claim compensation. We can help you claim compensation for financial losses, as well as for inconvenience and distress.

The registration period for people to join our British Airways action has recently been extended. However, time is now of the essence, and if you want to hold the airline to account for breaching your data protection rights, you must register with us ASAP.

Contact Keller Lenkner UK’s expert data breach lawyers to discuss the British Airways data breach.

Share this article:

Share on facebook
Share on twitter
Share on linkedin