The largest group claim relating to personal data in UK legal history has been settled for an undisclosed sum.

More than 16,000 people joined a case against British Airways after the airline revealed a breach of its security systems leading to 420,000 customers and staff having their personal data leaked, including names, debit and credit card numbers, addresses and email addresses.

A claim – believed to be the largest opt-in group action for a data breach ever brought in the UK – was filed by international practice PGMBM last year. The case has now been settled for an undisclosed sum, with provision for compensation for qualifying claimants who were part of the litigation. The resolution does not include any admission of liability.

Harris Pogust, PGMBM chairman, said: ‘We are very pleased to have come to a resolution on this matter after constructive mediation with British Airways. This represents an extremely positive and timely solution for those affected by the data incident. The Information Commissioner’s Office laid out how BA did not take adequate measures to keep its passengers’ personal and financial information secure. However, this did not provide redress to those affected. This settlement now addresses that.’

A spokesperson for BA said: ‘We apologised to customers who may have been affected by this issue and are pleased we've been able to settle the group action. When the issue arose we acted promptly to protect and inform our customers.’

The settlement closes the group litigation brought on behalf of claimants under the EU General Data Protection Regulation, which sought compensation for non-material damage including inconvenience, distress, annoyance and loss of control of their personal data.

PGMBM said the speed at which the case was settled ‘demonstrates how seriously the legal system is taking mass data incidents’. The firm is also looking to bring ‘an even bigger’ case against EasyJet following an alleged 2020 data breach.