Law Firm PGMBM, British Airways Reach Settlement In 2018 Data Leak Class Action

1 Comment

Over the past years we have reported about former UK law firm SPG Law (now PGMBM) representing British Airways customers that were impacted by the 2018 data leak in a class action against the company – now a settlement has been reached.

In September 2018 British Airways revealed that there had been a breach of its security systems, leading to over 420,000 customers and staff having their personal data leaked.  

The compromised data included names, debit and credit card numbers, addresses, and email addresses.

Subsequently the Information Commissioner’s Office (ICO) has also fined British Airways £20million for their negligent role in the leak. The initial proposal by the ICO was a whopping £183 million but given Covid-19 the company was able to negotiate down the fine.

John last wrote about about the class action here, short before the submission deadline.

Yesterday PGMBM has notified the clients who signed up to be part of the class action that they have reached a settlement with BA, urging them to consider and accept it.

You can see PGMBM’s press release related to the settlement here.

As the court-appointed lead solicitors, PGMBM is pleased to announce that litigation with British Airways has been resolved on confidential terms.  

The mediation between legal representatives for claimants and British Airways Plc resolves the largest group litigation relating to personal data in UK history to date.  

Harris Pogust, PGMBM Chairman, said: “We are very pleased to have come to a resolution on this matter after constructive mediation with British Airways. This represents an extremely positive and timely solution for those affected by the data incident.” 

The PGMBM team, led by Legal Director Tony Winterburn and Associate Michael Burke, filed a claim on behalf of those affected in April 2020, and have welcomed the resolution.  

The resolution includes the provision for compensation for qualifying claimants who were part of the litigation but does not include any admission of liability by British Airways Plc. 

“The Information Commissioner’s Office laid out how BA did not take adequate measures to keep its passengers’ personal and financial information secure,” Harris said. 

“However, this did not provide redress to those affected. This settlement now addresses that.” 

Back then the law firm “advertised” that those claimants who are joining could receive up to £2000 each but I highly doubt that the reimbursement will be anywhere near that. These big numbers are usually thrown around by the firms in order to get people to sign up but the final sum is often in the double or very low triple digits.

In some of these privacy cases there isn’t even a cash payment but the companies negotiate things like a 5 year membership with a privacy protection / credit monitoring service or gift cards.

I have seen the email sent to members of this class action which is confidential so we can’t replicate it here, however from the contents of it there would be a cash payment involved this time (no specific amount mentioned).


  • British Airways pays with no admission as to liability
  • PGMBM will notify each claimant individually about the compensation they’re entitled to
  • Level of damages (amount) and terms of the settlement have to remain confidential

It goes without saying that a good chunk of the total settlement sum is going to the law firm that handled this claim. In this case I’m totally ok with that because British Airways acted extremely arrogant and it wasn’t the first or last time that BA had a lapse in their IT structure, compromising customers data and causing grave inconvenience. Only the prospect of stiff fines will cause such companies to be more diligent in the future.

In the end it’s up to the claimants to either accept or reject the settlement. In case you reject it I guess it’s back to square one and you could sue BA individually for your damages. In how far that’s actually worth it is of course in the eye of the beholder.


I doubt that all (if any) class members would get 2,000 GBP compensation, but I truly believe that it is time to send these businesses a message that they cannot leave their front door open, as BA did here, allowing all of our data stolen without any consequences.

John had one of his American Express that he used to pay for BA flight purchases comprised in early 2020 while traveling. It’s always a huge hassle to deal with fraudulent charges and replacing cards when you are on the road.