The easyJet data breach was announced by the airline group on 19th May 2020. easyJet publicly admitted that the sensitive personal data of nine million customers from around the world had been exposed in a “sophisticated” data breach.
The cyber-attack took place in January 2020, but despite notifying the UK’s Information Commissioner’s Office at that time, easyJet waited four months before notifying its customers, who suffered a loss of privacy and weren’t even made aware of it straight away.
Customers affected by the data breach were notified by email in May that information such as their names, email addresses and travel details – including where they were travelling to and from, departure dates, booking reference numbers, booking dates, and the value of their bookings – could have been exposed by the leak.
Some customers were also affected by the disclosure of more sensitive data: 2,208 individuals had their credit card details stolen, including the three-digit security code known as the CVV number.
The severity of the breach
Depending on the kind of data that falls into the hands of third parties, the results can be severe, from fraudulent representation to unidentified shopping bills racked up on customers’ credit cards.
However, what matters most is not the type of data leaked, but the fact that it was leaked in the first place, and that it took four months for EasyJet to warn their customers about the breach of their privacy.
Thomas Goodhead, firm Managing Partner, said: “This is a monumental data breach and a monumental failure that has a serious impact on easyJet’s customers.
This is personal information that we trust companies with, and customers should rightly expect that every effort is made to protect that.
Unfortunately, the easyJet data breach has leaked the sensitive personal information of nine million customers from all corners of the world.”
The law favours the victims of the data breach
Under Article 82 of the EU General Data Protection Regulation (EU-GDPR), customers have a right to compensation for inconvenience, distress, annoyance, and loss of control over their data.
In 2018, British Airways was hit with a record fine of £183 million by the ICO over its “poor security arrangements”.
On this occasion, Information Commissioner Elizabeth Denham said: “People’s personal data is just that – personal. When an organisation fails to protect it from loss, damage, or theft, it is more than an inconvenience.”
Our firm, a leading international law firm specialising in group litigation actions, has issued the claim form on behalf of impacted customers, after having been contacted by potential claimants when the easyJet data breach was made public.
We are now seeking a group litigation order and are urging all of those affected by the data breach to come forward and join the claim to pursue compensation.
Any easyJet passenger who was affected around the world can claim. Learn more at the website easyJet data breach claim.