British Airways data breach compensation

SITA data breach affects hundreds of thousands of passengers worldwide

Sign-up to one of our many Group Actions today - use our quick and easy form to start your claim for compensation.

Begin Your Group Action Claim Today
Please note we are unable to proceed with claims involving BMW, Dacia, Ford, Honda, MINI, Mercedes-Benz & Mitsubishi.
The deadline for claims for EA189 engines passed in 2018, and claims settled in 2022. We are unable to take any claims on for vehicles with EA189 engines. We are able to take on claims for newer engine types that are NOT EA189 engines.
Our claims team will call you back at a time that's suitable to you.
Your privacy is extremely important to us.
Information on how we handle your data is in our Privacy Policy
solicitors regulation authority

SITA data breach affects hundreds of thousands of passengers worldwide

In late February, the SITA data breach was revealed as a powerful cyberattack, which comprised of a server holding information relating to hundreds of thousands of air passengers.

Labelled as “highly sophisticated” by the company, it is understood that the wide-reaching cyberattack has not affected “highly sensitive” data, but it nevertheless demonstrates that IT systems can be severely vulnerable as hackers continue to enhance and advance their methods.

In fact, it has long been apparent that travel companies are often vulnerable to cyberattacks. They hold a wealth of sensitive data about their customers, including passport details and payment card information. A such, airlines and hotel chains can be a prime target for hackers. British Airways, which is understood to be implicated in the SITA data breach, succumbed to two major data breaches in 2018, for which we are currently representing claimants in a group action.

The SITA data breach incident

On 24th February, the SITA data breach arose as a result of a cyberattack, affecting a company server that holds extensive passenger data. As an international IT services provider that operates passenger processing systems for many airlines, a number of high-profile clients were affected. This included those under the Star Alliance umbrella, as well as British Airways.

SITA reports that the breach was contained quickly, and that the affected airlines were contacted immediately to ensure that they could inform passengers. It is understood that the exposed information relates to frequent flyers, whose names, membership numbers and flight preferences may have been affected. In an email statement, BA assured customers that SITA is not in possession of any sensitive personal or financial information relating to their customers.

Overall, the SITA breach has been deemed as “low risk”, but the victims can still be at risk and could still be eligible to claim data breach compensation.

The potential implications of the data breach

The SITA data breach is under continued investigation as the company tries to understand how the breach occurred. SITA emphasised that the attack was “highly sophisticated”, explaining that cybercriminals have continued to develop their methods and have become more active over the course of the Covid-19 pandemic.

As cybercriminals optimise their attack strategies, the travel industry must take urgent action to improve its cybersecurity defences. If investigations find that a cybersecurity vulnerability allowed the SITA data breach to occur, the company may need to answer serious questions about its data handling.

Making a data breach claim

As specialists in group actions and data breach claims it is, unfortunately, unsurprising to see another monumental data breach hit the travel industry. While companies fail to match the cunning of cybercriminals, we are here to ensure those affected by data breaches can access the justice that they deserve.

With group actions against travel companies Marriott and easyJet, we also sit on the Steering Committee for the action against British Airways, the first GDPR Group Litigation Order in England and Wales.

We are happy to offer free, no-obligation advice to any data breach victims, so contact us to discuss your potential compensation claim.

The content of this post/page was considered accurate at the time of the original posting and/or at the time of any posted revision. The content of this page may, therefore, be out of date. The information contained within this page does not constitute legal advice. Any reliance you place on the information contained within this page is done so at your own risk.