EasyJet faces class-action lawsuit over data breach

If successful, every customer impacted by the breach could receive a £2,000 payout

EasyJet is facing an £18 billion class-action lawsuit over the recent large-scale data breach that exposed the personal details of nine million of its customers. 

Law firm PGMBM said it has issued a class-action claim in the High Court of London with a potential liability of £18 billion. If successful, each customer impacted by the breach could receive a payout of £2,000.

This move follows the airline’s recent announcement that it had been the subject of a “highly sophisticated cyber attack” in which the email addresses and travel details of around nine million customers were accessed, as well as the credit card details of 2,208 customers.

PGMBM, which specialises in group class-action, said that although the airline had announced the breach on May 19, it actually occurred four months earlier in January. This meant that the company delayed telling those affected that they could be at risk for four months, potentially leaving them open to attack.

“This is a monumental data breach and a terrible failure of responsibility that has a serious impact on EasyJet's customers," said PGMBM managing partner Tom Goodhead.

“This is personal information that we trust companies with, and customers rightly expect that every effort is made to protect their privacy. Unfortunately, EasyJet has leaked sensitive personal information of nine million customers from all around the world.”

The law firm said it was taking the action under Article 82 of Europe's General Data Protection Regulation (GDPR), which gives customers the right to compensation for inconvenience, distress, annoyance, and loss of control of their personal data.

EasyJet has yet to comment on the filing of the lawsuit, but last week apologised to those customers affected.

Related Resource

IT faces new security challenges in the wake of COVID-19

Beat the crisis by learning how to secure your network

Download now

It remains to be seen whether EasyJet will also face a fine from the Information Commissioner's Office (ICO). The watchdog's guidance states that failing to notify a breach when required to do so can result in a significant fine up to €10 million euros or two per cent of a company's global turnover.

A spokesperson for the watchdog confirmed that an investigation into the breach is ongoing, saying: “People have the right to expect that organisations will handle their personal information securely and responsibly. When that doesn’t happen, we will investigate and take robust action where necessary."

Featured Resources

BIOS security: The next frontier for endpoint protection

Today’s threats upend traditional security measures

Download now

The role of modern storage in a multi-cloud future

Research exploring the impact of modern storage in defining cloud success

Download now

Enterprise data protection: A four-step plan

An interactive buyers’ guide and checklist

Download now

The total economic impact of Adobe Sign

Cost savings and business benefits enabled by Adobe Sign

Download now

Most Popular

16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

16 Sep 2020
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

16 Sep 2020
The Xbox Series X shows how far the cloud still has to go
Cloud

The Xbox Series X shows how far the cloud still has to go

25 Sep 2020