Victims of EasyJet data breach could get hundreds in compensation 

Legal firms will this week file a claim on behalf of 9m EasyJet customers who had sensitive data stolen by cyber criminals in January 2020.

EasyJet, the low cost European airline, was the victim of a cyber hack by criminals in January 2020. It notified 9m customers in May 2020 that their email addresses and travel details had been ‘accessed’ by criminals and warned they should be alert and take steps to minimise the risk of phishing. More worryingly, 2208 people had financial information including credit card details and CVV data compromised. 

At the time, the airline said it takes issues of security extremely seriously and continues to invest to further enhance its security environment. They also maintain there is no evidence that any personal information of any nature has been misused. Keller Postman is leading a group of legal firms – including Leigh Day, HNK Solicitors and Johnson Law – to file a claim on behalf of the 9 million affected EasyJet customers.  

EasyJet should be doing more

Despite reassurances from EasyJet to its customers, Keller Postman has questioned the speed and adequacy of its offer. It believes EasyJet should have acted more quickly to notify its customers, even if it didn’t have the full information at the time, and has launched a group action against the airline. 

Keller told us that six months after the breach, more than 50% of all clients signed up to their action had experienced spam attempts that they believed resulted from this breach and 20% experienced fraudulent transactions or had to cancel their cards to protect themselves from possible fraud attempts. 

This isn’t the only claim the airline is facing as several other law firms are also seeking to get affected individuals compensation. If you were affected by the data breach take a look at our claims page to see if you’re eligible to claim. 

Long running investigations 

As is typical in these cases EasyJet hired forensic experts to help them investigate the issue and they also notified the National Cyber Security Centre and the Information Commissioner’s Office (ICO) as they sought to secure their systems. As a result of this the ICO, the UK’s data protection agency, is investigating the breach to check the adequacy of the company’s data security processes at the time of the attack. 

This investigation hasn’t yet reached any conclusions, despite the time that has elapsed. A Freedom of Information Request was made to the ICO on 28 July 2022 requesting the report and its findings on this data breach. The watchdog declined to provide any information, stating in a reply on 24 August 2022 that its ‘investigation into this breach has not yet concluded.’ 

Who is eligible for compensation?

All 9m affected customers should have received an email from EasyJet confirming they were included in the breach. However, anyone who hasn’t received an email but booked flights from 17 October 2019 to 4 March 2020 could be eligible. Sign up to this claim if you think you had your personal data stolen.

BA hit with a fine for data breach

The ICO has previously fined British Airways £20 million for a similar breach. However, the bad news for customers is that even if the ICO fines EasyJet, none of this money will go to the victims of the hack.