Skip to the content

Data Breaches and Class Actions

Class actions are well established in the USA but are increasingly developing elsewhere, particularly in the UK. Class actions or group litigation enables claimants with similar claims to come together and bring actions collectively against the same defendant. In the UK there are two main forms of group litigation for collective data breaches. 


Group Litigation Orders operate as an opt-in basis which means that claimants are not included in the law suit unless they take definite steps to join by entering details of their claim into a “Group Register” which is established once the GLO has been made. The proposed claim is generally advertised to alert potential claimants and the Court will often direct a cut-off date after which claimants cannot be entered onto the Group Register without the court’s permission.

Representative Actions are an alternative procedure to GLOs and may be made by multiple claimants who have the “same interest” in a claim. Therefore, they must all have a common grievance and the relief sought must be the same for all claimants. The claim is brought by a representative for all the claimants who prosecutes the action on their behalf.


Unlike GLOs and similar to their US equivalents, Representative Actions are “opt-out” and so all persons falling into the represented class form part of the litigation unless they take positive steps to remove themselves.


An example of sources of Class Actions are data breaches which have had a considerable impact on many large corporates who have fallen foul of Cyber-attacks.  British Airways fell victim to a “formjacking” attack involving user traffic being diverted from the British Airways website to a fraudulent site. Through this false site, the personal data (including BA login details, credit card information, address, email address and travel booking information) of approximately 500,000 users was compromised.

After an intensive investigation by the ICO a notice of intention to fine British Airways to the tune of £183 million was issued. Virgin Media has also been a victim after hackers accessed customer information stored on an incorrectly configured database which resulted in up to 900,000 customers personal data being compromised. Easyjet also fell foul with customers full names, email addresses and travel data which included departure and arrival dates being hacked.


At Exasoft Group and in association with our industry partners we are assisting clients in designing, building and running end to end solutions that can cope with large scale class actions. From initial data capture through to case management and if appropriate payment issuance across different currencies and platforms.


To find out more contact Dave West, Head of Client Services, Exasoft Group,

e: [email protected] t:0333 800 0165



comments powered by Disqus