BA Data Breach
Compensation Claim

Please be advised that we are no longer accepting clients for this action. We are, however, aware of other firms still doing so and invite you to look into this should you still wish to bring a claim.

Were you affected by the 2018 BA Data Breach?

You could be entitled to significant compensation.

Join the claim now before it's too late.


What is the BA Data Breach?

More than 420,000 customers had their personal data stolen between August 2018 and September 2018.

The ‘poor security arrangements’ BA had in place cost them £20 million in fines from the ICO, but not a single penny of this money will go to those affected by the breach.

Now it is time for the victims to be compensated.

About the claim

Which personal details were compromised?

The personal information that was taken in the attack included:

• Full names
• Debit and credit card numbers
• Addresses
• Email addresses
• CVV numbers

Other details thought to have been accessed include the combined card and CVV numbers of 77,000 customers and card numbers of another 108,000 customers.

BA customers were advised to monitor financial transactions on their accounts and, in some cases, recommended to cancel their cards.

Usernames and passwords of BA employee and administrator accounts, as well as usernames and PINs of up to 612 BA Executive Club accounts, were also potentially accessed in the attack.

How to join

Did BA offer to help?

The response from BA was not good enough.
BA offered a reimbursement for customers who suffered ‘direct financial losses’ and ‘credit rating monitoring’ for those affected, but did not consider the future repercussions that customers could suffer. There were numerous measures BA could have used to prevent the risk of attackers being able to access the BA network. These include:
  • Limiting access to applications, data and tools to only those required to fulfill a user’s role
  • Undertaking rigorous testing
  • Protecting employee and third party accounts with multi-factor authentication
These measures are not expensive or technically advanced. Since the attack, however, BA has made considerable improvements to its IT security

What our clients say

Are you eligible to claim?

In excess of 420,000 people were affected by the breach and PGMBM is already representing thousands of them.

If you received an email from British Airways in September 2018 about your involvement in the breach, you are eligible to join our claim and may be able to claim compensation.

As British Airways is based in the UK, we can bring claims on behalf of all affected clients irrespective of where they live.

How to search your emails

The email was sent in September 2018, so it is important that you check through old emails. This includes your junk and spam folders.

Try searching for a subject line: ‘Criminal Theft of Customer Data, more information’.

We understand it can be difficult to find emails that are more than two years old, so we will do everything we can to assist you.

There is limited time to join the action. Sign-up now to avoid missing out!

Please note: If you did not receive an email from BA notifying you that you were a victim, you are not eligible to claim.

Why should I claim?

Article 82 of the EU General Data Protection Regulation (EU-GDPR) states that you have a right to compensation for non-material damage. This means those affected are entitled to compensation for the stress, frustration, and anxiety associated with the breach.

The time is now

This is not the first time that BA’s IT security systems have been compromised. They have treated their customers’ personal information poorly over the past few years and it is time to take action.

You could be owed significant compensation in this case. Do not wait around; join our claim now and get back what you are owed.


The case is being handled on a No-Win, No-Fee basis, so there is no risk attached to you.

Our Conditional Fee Agreement means we will only charge you if your claim is successful. This fee is capped at 35% of the damages that you recover.

In the unlikely event that we are not successful, our insurance policies protect you against reimbursing the costs of the Defendants’ legal teams.

It takes under a minute to join. What are you waiting for?

How serious are data breaches?

There are several ways your personal data can be used after it has been taken from companies you once trusted. Your data can be used to:

  • Steal your money
  • Rack up credit card debts
  • Take out loans in your name

Just because you have not noticed any direct repercussions from the breach, does not mean you were not affected. Thieves can sell on your information on the dark web at any time, meaning you could be at risk in the foreseeable future.

It is time that large corporations understand the repercussions of their poor security platforms. Don’t wait, start your claim now.

Who are PGMBM?

We are PGMBM, a top UK law firm passionate about giving victims a voice against corporate wrongdoing.

We are already representing thousands of victims of BA’s data breach.

We have specialist expertise in group claims, currently litigating against other large corporations including EasyJet, Mercedes, Volkswagen and BHP.

Passionate about getting justice for corporate wrongdoing, we will do everything in our power to help victims obtain the compensation that they deserve.

By joining PGMBM’s group action with thousands of other affected BA customers, you have the best chance of ensuring you receive the highest compensation possible.

There has already been significant interest in the claim and we are now giving those affected until 21 May 2021 to join the claim and be a part of the action.

It takes under a minute to sign up – get started now.


Data security:

The security of your data is important and it is time for large companies to understand that.

Financial gain:

You could receive significant compensation if you are eligible.

We make it simple:

It takes under a minute to start your claim.


Yes. As British Airways is based in the UK, we can bring claims on behalf of all affected clients irrespective of where they live.

We cannot currently put a final figure on this, but our team of expert solicitors and barristers are seeking damages of up to £2,000.

As with all our cases, we are aiming to win our clients as much money as possible.

The claim is being litigated as a group action, meaning it grows stronger as more people sign up. If you know anyone who may have been affected, please encourage them to join the claim.

We will give you regular updates as the case unfolds.

It will not cost you a penny to join the claim.

By acting on a no-win, no-fee basis, we will only be paid in the event that the case is won.

If we don’t win the case, you will not pay anything and we will cover all the legal fees, court fees, and insurance costs.

All you need to do is submit your details to our Chatbot and we will advise you on how to move forward.

To join our claim, the main piece of information you will need is an email from BA.

This was sent in September 2018 and had the subject line ‘Criminal Theft of Customer Data, more information’.

Please check your junk and spam folders, too.

Aside from the original email, all you will need is your name, email address, and home phone number.

It takes under a minute to join the claim and start the process to winning compensation.

To join, you will be asked to submit your name, email address, home address and phone number via our Chatbot.

We will then send you a short questionnaire to confirm your eligibility and gather some further information. Once we have carried out all the necessary checks, we will contact you to let you know if your application to join the claim has been successful. Once you have officially joined the claim, you do not need to do anything further and we will be in regular contact regarding the progress of your claim. Don’t forget, you do not pay anything to sign-up, so why wait?

If you received an email from BA about your involvement with the breach, you are eligible to join the claim. To be eligible for compensation, you will need access to the email.

Once you have submitted your details to us, we will review it and determine your eligibility.

There is no risk, or initial costs involved, and all your information is kept confidential. Don’t miss out and sign up now.

The premise of this claim requires an email, from BA, informing you of the breach and of your involvement.

We appreciate that you may not keep emails from two years ago and so are doing our best to assist you with this problem.

Please check your junk and spam emails for a message titled ‘Criminal Theft of Customer Data, more information.’

PGMBM’s lawyers are committed to winning your compensation as quickly as possible.

We cannot put a time frame on this right now, as the case is ongoing. We will keep you informed about case updates and further information as frequently as possible.

We are confident that a decision will be reached quickly, so don’t delay joining the action.

We do not charge anything unless the case is successful. If the case is successful, you will be charged a maximum of 35% of your compensation.

You will not have to pay anything if we don’t win the claim. This is what we mean by No-Win, No-Fee.

In the unlikely event that we lose the case, the ATE insurance we took out on your behalf (at no cost to you) will cover any adverse court or legal fees.

As this is an ongoing case, there is technically no time limit.

However, due to the significant interest we have received so far, we have decided to stop accepting claimants after 21 May 2021.

We are confident that a decision will be reached quickly and we have some of the best lawyers in the field handling this case, so sign-up now for your best chance of winning.

The claim will be processed as a group action, meaning we will litigate on behalf of all our claimants under one ‘umbrella’. This makes the claim stronger, faster, and easier to move forward.

We carry out all our claims in the same way and our team are skilled in this form of litigation. With us, you can rest assured that your claim is in good hands and that you have the best possible chance of compensation.

The claim is strengthened by the amount of people who sign-up, so if you know anyone else who may have been affected then please encourage them to join.

Your claim will be brought to court pursuant to the Data Protection Act 2018, which incorporates the GDPR. We will argue that BA have misused your private information and breached your privacy.

Yes, everyone affected by the data breach is entitled to claim and we will guide you through every step of the process. Don’t wait. Join now.

Absolutely not. We are acting as a voice for all the affected victims of the breach and your status as a British Airways customer will never be impacted.

You can continue to fly with BA as usual and collect your Avios throughout the case.

Follow us on social media to learn more about our cases and our values


PGMBM (a trading name of PGMBM Law Limited) – SRA License Number 512898

PGMBM is authorised and regulated by the Solicitors Regulation Authority and
complies with the
Solicitors Code of Conduct, a copy of which can be located here.


13/01 09:00

Our Chatbot is currently unavailable due to scheduled maintenance.

Please call us on 03330 155 900 or try again later