EasyJet Data Breach – Extent of Damage May Not be Known for Months

20 May 2020

Lawyers specialising in recovering compensation for data breach victims have today cautioned that the ‘full extent of damage’ caused by the EasyJet hackers may not be apparent for many months – with many suffering both financial and emotional stress as a result of the breach.

According to the airline the violation affects a staggering 9 million customers who have had their travel details accessed, and around 2,200 customers who also had their credit card details stolen.

Yet while those impacted are now being urged by EasyJet to take extra precaution to avoid being duped by scammers taking advantage of the Covid-19 situation and the cancellation of thousands of flights, it remains unclear whether the data taken has already been used or whether it will be used again.

Lawyer Robert Godfrey, who heads a dedicated Cyber Security and Data Breach claims team at law firm Simpson Millar which specialises in recovering compensation for victims of a data breach, said any investigation must determine whether the airline had ‘failed’ in its fundamental duty to protect customers’ personal data. 

He said, “Like the rest of the UK we are watching this story unfold with great alarm. This breach affects a staggering 9 million people; many of whom have also had their credit card information accessed by hackers who come with absolutely nothing but ill-intent.

“It’s now imperative that an independent investigation looks at whether the airline failed to deliver on its fundamental duty to protect customers’ personal information and whether more could have been done to prevent this breach.

“If that is the case, those 9 million people may be entitled to compensation for any financial loss incurred.”

Godfrey explained that in some cases a significant data breach had wider implications – affecting credit scores and the ability to move home, or buy a car; also affecting relationships and causing emotional distress.

He added, “Sadly, in our experience the true extent of damage caused by situations such as this are not apparent for many months and can often affect people in ways you wouldn’t expect.

“The airline says it has gone public with details of the hack to make people aware that their details may have been accessed and to take ‘protective steps’ to minimise risk. That is not nearly enough.

“People need more information about how the breach directly affects them so that they can make informed decisions about what to do next. They also deserve some direct communication about what went wrong, and what the airline has done since to protect them and their families.

“If EasyJet failed to protect their information those affected can will be entitled to bring legal proceedings against the company, and any further financial impact as a result of their failure to communicate quicker, and more effectively, will form part of that claim.”

The incident has now been referred to the Information Commissioner’s Office - the UK’s data protection agency – which issued a fine of £183 million to rival airline British Airways in 2019 after a data breach exposed the booking details of 500,000 customers.

It's easy to get in touch

We're happy to help

Monday to Friday 8:30am-7:00pm

08002 605 010

08002 605 010

We're happy to call you

Simply click below to arrange a call

Request a Call Back

Request a Callback

This data will only be used by Simpson Millar in accordance with our Privacy Policy for processing your query and for no other purpose

Simpson Millar is a national law firm with over 500 staff and offices in Bristol, Cardiff, Lancaster, Leeds, Liverpool, London - Euston, London - Fleet Street, London - Teddington, Manchester and Southport.