EasyJet faces class-action lawsuit over data breach

If successful, every customer impacted by the breach could receive a £2,000 payout

EasyJet is facing an £18 billion class-action lawsuit over the recent large-scale data breach that exposed the personal details of nine million of its customers. 

Law firm PGMBM said it has issued a class-action claim in the High Court of London with a potential liability of £18 billion. If successful, each customer impacted by the breach could receive a payout of £2,000.

This move follows the airline’s recent announcement that it had been the subject of a “highly sophisticated cyber attack” in which the email addresses and travel details of around nine million customers were accessed, as well as the credit card details of 2,208 customers.

PGMBM, which specialises in group class-action, said that although the airline had announced the breach on May 19, it actually occurred four months earlier in January. This meant that the company delayed telling those affected that they could be at risk for four months, potentially leaving them open to attack.

“This is a monumental data breach and a terrible failure of responsibility that has a serious impact on EasyJet's customers," said PGMBM managing partner Tom Goodhead.

“This is personal information that we trust companies with, and customers rightly expect that every effort is made to protect their privacy. Unfortunately, EasyJet has leaked sensitive personal information of nine million customers from all around the world.”

The law firm said it was taking the action under Article 82 of Europe's General Data Protection Regulation (GDPR), which gives customers the right to compensation for inconvenience, distress, annoyance, and loss of control of their personal data.

EasyJet has yet to comment on the filing of the lawsuit, but last week apologised to those customers affected.

Related Resource

IT faces new security challenges in the wake of COVID-19

Beat the crisis by learning how to secure your network

Download now

It remains to be seen whether EasyJet will also face a fine from the Information Commissioner's Office (ICO). The watchdog's guidance states that failing to notify a breach when required to do so can result in a significant fine up to €10 million euros or two per cent of a company's global turnover.

A spokesperson for the watchdog confirmed that an investigation into the breach is ongoing, saying: “People have the right to expect that organisations will handle their personal information securely and responsibly. When that doesn’t happen, we will investigate and take robust action where necessary."

Featured Resources

The ultimate law enforcement agency guide to going mobile

Best practices for implementing a mobile device program

Free download

The business value of Red Hat OpenShift

Platform cost savings, ROI, and the challenges and opportunities of Red Hat OpenShift

Free download

Managing security and risk across the IT supply chain: A practical approach

Best practices for IT supply chain security

Free download

Digital remote monitoring and dispatch services’ impact on edge computing and data centres

Seven trends redefining remote monitoring and field service dispatch service requirements

Free download

Most Popular

Best Linux distros 2021
operating systems

Best Linux distros 2021

11 Oct 2021
Apple MacBook Pro 15in vs Dell XPS 15: Clash of the titans
Laptops

Apple MacBook Pro 15in vs Dell XPS 15: Clash of the titans

11 Oct 2021
Windows 11 has problems with Oracle VirtualBox
Microsoft Windows

Windows 11 has problems with Oracle VirtualBox

5 Oct 2021