Battle of the Airlines: Computer hacking of flight details 'was illegal': British Airways ran a complex, covert operation to steal customers from Richard Branson's Virgin Atlantic

VIRGIN Atlantic yesterday said British Airways' dirty tricks campaign included instructing employees illegally to access Virgin's confidential flight details in breach of the Data Protection Act.

The airline's solicitors, Harbottle and Lewis, have a signed statement from a former BA employee, Sadig Khalifa, detailing how BA managers instructed him and a team of colleagues to tap into Virgin's computer files.

Information allegedly gained by the Helpline staff included home telephone numbers of first class passengers - many directors of major companies - and vital information on bookings, departure times and the sex of passengers.

Frances Butler-Sloss, a lawyer acting for Virgin, said the airline stored such confidential information on BA's computer system, which they rented, 24 hours before a flight departure in case of breakdown in their own, more antiquated, system.

BA used the Virgin flight details to cold-call customers at home in an attempt to lure them onto BA flights and may have altered its commercial policies as a result, she added.

At least five of Virgin's first-class passengers who had been subjected to home cold-calling have said they are willing, if necessary, to co-operate with the company in a complaint to the Data Protection Registrar.

Ms Butler-Sloss says BA's activities breached the Data Protection Act 1984 in several ways. Among other principles, the Act requires that personal data should be obtained lawfully and used only for the purposes specified to the Data Protection Registrar.

She said: 'The consequences were enormous. They had the telephone numbers of all Virgin's first-class passengers and we have evidence they rang them to offer freebies, such as flights to Paris or Concorde trips . . .'

Virgin says it will not act on evidence of BA's misuse of data unless what BA called 'regrettable incidents' recur.

Andrew Puddephatt, general secretary of Liberty, the civil liberties campaigning group, said passengers who wished to take action against BA would have to alert the DPR, who would then investigate the matter with powers to search premises and question staff. 'The penalties would be fairly nominal to an organisation of BA's size, if it was found to be at fault, because the data protection law is not backed up with any force. But the publicity would be very damaging,' he said.

Stewart Dresner, a data protection consultant, said the Data Protection Registrar had no power to fine a company or individual who had breached the Act. 'If anyone considers they have suffered damage, they would have to go to the civil courts for redress, and any damages would be paid by the guilty party.'

He said that if it could be proved BA obtained the confidential information by 'hacking' into Virgin's computer - perhaps by using a special code - then that was potentially a breach of the Computer Misuse Act, which could justify separate litigation.