BA employees may have legal claim over payroll data breach
BA employees are among thousands of workers affected by a payroll data breach being investigated by law firm Leigh Day.
Posted on 06 September 2023
The airline’s workers may be able to bring a legal claim after personal data is believed to have been stolen by cyber attackers working with the Russian ransomware group C10p (Clop).
The attack in June 2023 exploited a vulnerability in Progress Software's MOVEit file transfer tool to access IT systems.
One of the organisations affected is Zellis, a company providing payroll services to companies in the UK including British Airways (BA). Current and former employees of the BBC, Boots and DHL are also believed to have been affected.
The attack is believed to have breached the payroll data of employees. The BA data hack includes employees’ names, contact details (home address and work email), dates of birth, national insurance numbers, banking details (account number and sort code), pay and reward details and other ancillary data relating to the employees’ roles.
The legal claim for compensation is being led by Leigh Day data breach claims specialist lawyers, Sean Humber and Gene Matthews.
Sean Humber, a partner at Leigh Day, who has successfully acted in a series of claims relating to the unauthorised disclosure of confidential information over the last 20 years, including claims against large multinational companies, stated:
“This is a serious data breach. Clearly, for hackers to be able to access this personal data, something has gone badly wrong. It will be important to critically review the adequacy or otherwise of the security measures in place and who bears responsibility for any shortcomings identified. If it turns out that the security measures were not adequate, it is likely that those affected are likely to be entitled to compensation for the distress caused by the breach as well as any financial losses that they may have suffered.”
Gene Matthews, a partner at Leigh Day, who has successfully acted in a succession of large group claims over the last 20 years, added:
“This is likely to be a deeply worrying time for those affected, particularly if their financial details have been compromised. These kinds of data breaches can leave those affected at increased risk of fraud and identity theft.”
If you have been affected by this data breach and wish to receive further information about joining the claim, on a “no win, no fee” basis with no up-front payment required, please click here.
Gene specialises in consumer law, product liability and data protection claims mainly brought as group claims/ multi-party actions
Sean is an experienced human rights lawyer and privacy breach compensation claims specialist