EasyJet faces class-action lawsuit over data breach
If successful, every customer impacted by the breach could receive a £2,000 payout
EasyJet is facing an £18 billion class-action lawsuit over the recent large-scale data breach that exposed the personal details of nine million of its customers.
Law firm PGMBM said it has issued a class-action claim in the High Court of London with a potential liability of £18 billion. If successful, each customer impacted by the breach could receive a payout of £2,000.
This move follows the airline’s recent announcement that it had been the subject of a “highly sophisticated cyber attack” in which the email addresses and travel details of around nine million customers were accessed, as well as the credit card details of 2,208 customers.
PGMBM, which specialises in group class-action, said that although the airline had announced the breach on May 19, it actually occurred four months earlier in January. This meant that the company delayed telling those affected that they could be at risk for four months, potentially leaving them open to attack.
“This is a monumental data breach and a terrible failure of responsibility that has a serious impact on EasyJet’s customers,” said PGMBM managing partner Tom Goodhead.
“This is personal information that we trust companies with, and customers rightly expect that every effort is made to protect their privacy. Unfortunately, EasyJet has leaked sensitive personal information of nine million customers from all around the world.”
The law firm said it was taking the action under Article 82 of Europe's General Data Protection Regulation (GDPR), which gives customers the right to compensation for inconvenience, distress, annoyance, and loss of control of their personal data.
EasyJet has yet to comment on the filing of the lawsuit, but last week apologised to those customers affected.
It remains to be seen whether EasyJet will also face a fine from the Information Commissioner's Office (ICO). The watchdog's guidance states that failing to notify a breach when required to do so can result in a significant fine of up to €10 million or two per cent of a company's global turnover.
A spokesperson for the watchdog confirmed that an investigation into the breach is ongoing, saying: “People have the right to expect that organisations will handle their personal information securely and responsibly. When that doesn’t happen, we will investigate and take robust action where necessary.”