HALF-A-MILLION CUSTOMERS are set to take advantage of the class-action lawsuit provisions of GDPR to sue airline British Airways over its 2018 data breach.
The green light was signalled by Justice Mark Warby in a hearing at the High Court in London on Friday, enabling mass legal action against British Airways to go ahead.
The legal action will add to the already high costs to BA of the Magecart security breach of August and September 2018 when the company's payment pages were hacked.
In July this year, the Information Commissioner's Office (ICO) slapped a £183m mega-fine on British Airways. The proposed fine was the first levied in the GDPR era, empowering the ICO to hand out fines of up to four per cent of global turnover for data breaches. The BA fine represents 1.5 per cent of the company's global turnover.
Before the introduction of GDPR, the maximum fine for a data breach stood at £500,000, with 20 per cent off for early payment. "The ICO's investigation has found that a variety of information was compromised by poor security arrangements at the company, including log-in, payment card, and travel booking details, as well name and address information," the ICO explained in a statement.
Categorised as a Magecart attack, British Airways is one of possibly thousands of victims in recent years. Hotel chain Marriott was also notified by the ICO of an intention to levy a £99m fine over a November 2018 data breach just a day after BA received its notification.
You could soon buy that ivory backscratcher on Marketplace in a few taps
Just in case you're too posh for Whole Foods
Borked butterfly mechanism is dead
AI nirvana in the cloud