easyJet Data Breach – Extent of Damage May Not be Known for Months


20 May 2020

Lawyers specialising in recovering compensation for GPDR data breach victims have today cautioned that the ‘full extent of damage’ caused by the easyJet hackers may not be apparent for many months – with many suffering both financial and emotional stress as a result of the breach.

According to the airline the violation affects a staggering 9 million customers who have had their travel details accessed, and around 2,200 customers who also had their credit card details stolen.

Yet while those impacted are now being urged by easyJet to take extra precaution to avoid being duped by scammers taking advantage of the Covid-19 situation and the cancellation of thousands of flights, it remains unclear whether the data taken has already been used or whether it will be used again.

Lawyer Robert Godfrey, who heads a dedicated GDPR Data Breach Claims team at Simpson Millar Solicitors which specialises in recovering compensation for victims of data breaches, said any investigation must determine whether the airline had ‘failed’ in its fundamental duty to protect customers’ personal data. 

He said, “Like the rest of the UK we are watching this story unfold with great alarm. This data breach affects a staggering 9 million people; many of whom have also had their credit card information accessed by hackers who come with absolutely nothing but ill-intent.

“It’s now imperative that an independent investigation looks at whether the airline failed to deliver on its fundamental duty to protect customers’ personal information and whether more could have been done to prevent this data breach.

“If that is the case, those 9 million people may be entitled to compensation for any financial loss incurred.”

Godfrey explained that in some cases a significant GDPR data breach had wider implications – affecting credit scores and the ability to move home, or buy a car; also affecting relationships and causing emotional distress.

He added, “Sadly, in our experience the true extent of damage caused by situations such as this are not apparent for many months and can often affect people in ways you wouldn’t expect.

“The airline says it has gone public with details of the hack to make people aware that their details may have been accessed and to take ‘protective steps’ to minimise risk. That is not nearly enough.

“People need more information about how the data protection breach directly affects them so that they can make informed decisions about what to do next. They also deserve some direct communication about what went wrong, and what the airline has done since to protect them and their families.

“If easyJet failed to protect their personal information those affected can will be entitled to bring legal proceedings against the company, and any further financial impact as a result of their failure to communicate quicker, and more effectively, will form part of that claim.”

The incident has now been referred to the Information Commissioner’s Office (ICO) - the UK’s data protection agency – which issued a fine of £183 million to rival airline British Airways in 2019 after a GDPR data breach exposed the booking details of 500,000 customers.

Contact our Data Breach Solicitors For a Free Case Assessment

We're happy to help

Monday to Friday 8:30am-7:00pm

0808 239 9426

0808 239 9426

We're happy to call you

Simply click below to arrange the assessment

Request a Free Case Assessment

Contact us for a Free Data Breach Case Assessment

Enter the organisation who has exposed your data

This data will only be used by Simpson Millar in accordance with our Privacy Policy for processing your query and for no other purpose

Simpson Millar Solicitors are a national law firm with over 500 staff and offices in Billingham, Bristol, Cardiff, Catterick, Lancaster, Leeds, Liverpool, London and Manchester.