The British Airways data breach not-quite-a-class-action hasn't ended after all, a rival to yesterday's law firm has told The Register.
Following PGMBM's announcement that it has settled its case with the airline over the theft of nearly 400,000 people's personal data – including some credit card details – rival outfit Your Lawyers says its own case against BA is still ongoing.
"We weren't part of that assessment," said Jonathan Whittle, a manager with Your Lawyers Ltd. "That was a PGMBM-led litigation."
PGMBM settled its claim with BA out of court around a year before its scheduled trial. About 16,000 claimants had signed up to receive an eventual payout from the airline. Precise terms of the settlement were confidential – and appear to have surprised rival law firms chasing BA for compensation.
Your Lawyers told The Register it has 5,000 claimants signed up so far, though Whittle was less forthright than PGMBM about the amount each could expect to receive from the lawsuit. More details are available on its website, which is easily found through a search engine.
Whittle said there tends to be a "bracketed scale of different levels of effect" determining "who falls within X bracket, which may be difficult to say, within the data breach, they get X amount of compensation".
This might be, say, around £1,100 as against PGMBM's advertised £2,000 per head – though with the rival firm's settlement terms being confidential, it is not yet known whether that advertised figure will translate into payouts. In any event, a third of the compensation paid by BA will be creamed off by the law firms.
A potentially lucrative market in lawsuits chasing large companies that have suffered from data breaches has sprung up in the UK over the past few years. While the BA data breach was the most high profile to date, other legal eagles are also chasing EasyJet over a similar incident, while various smaller cases can be found through listings websites. The business model for lawyers is to cream off a percentage of the damages for themselves, as well as claiming legal fees.
While some might see this as ambulance-chasing, a point in its favour is that civil group litigation means some money might eventually find its way to people whose data was stolen or exposed by breaches. Fines handed down by the Information Commissioner find their way into the government's bottomless pockets, leaving those directly affected by a breach with little more than punchy headlines to read.
The group litigation order (GLO) against BA was mostly driven by PGMBM but Your Lawyers Ltd was also named as a member of the lawsuit's Steering Committee in a High Court order made in 2019.
In 2018, BA's payments processing pages were infected with the Magecart credential-stealing malware. 380,000 people's personal details were stolen. The Information Commissioner's Office fined BA £20m for the breach after making detailed findings that the airline had broken data protection laws by failing to initially notice the malware infection, though the International Airlines Group-owned company denies legal liability in the High Court.
The litigation continues.