British Airways settled a data breach class action lawsuit this week resulting from a 2018 data breach that affected thousands of its customers.

In 2018, the personal data of approximately 420,000 customers and staff was leaked, including names, addresses, and bank account information. When U.K. regulators investigated this incident in 2018, it was reported that British Airways had been saving card payment details in plain text since 2015 and had not implemented multi-factor authentication in its organization.

The suit was filed under the European Union’s General Data Protection Regulation, which increased the potential penalties for failing to protect consumers’ personal information.

The sum of the settlement was not disclosed.

Notably, the pandemic has hit the airline hard and in October 2020, the U.K. Information Commissioner’s Office reduced the fine it had imposed for the data breach from $254 million to about $27 million as a result of the financial hardship.