28 May 2020

EasyJet faces £18 billion class-action lawsuit after customer data breach


EasyJet faces £18 billion class-action lawsuit after customer data breach

An £18 billion group class action lawsuit has been filed against UK budget airline EasyJet by customers impacted by a recently-disclosed data breach.

The lawsuit has been filed under the Data Protection Act 2018, and PGMBM, a law firm which has issued a class-action claim, is claiming up to £2,000 per affected customer, taking the total claim to £18 billion.

"EasyJet announced on the 19th May 2020 that sensitive personal data of 9 million travellers had been exposed in a data breach. Despite notifying the UK’s Information Commissioner’s Office of the breach in January 2020, EasyJet waited four months to notify its customers," the firm said.

"The sensitive personal data leaked includes full names, email addresses and most disturbingly of all, travel data including departure dates, arrival dates and booking dates. In particular, the exposure of details of individuals’ personal travel patterns may pose security risks to individuals and is a gross invasion of privacy.”

Earlier this month EasyJet revealed that the personal data of nine million customers leaked online due to a “highly sophisticated cyber-attack.”

At the time, the company said 2,208 credit card details were accessed by hackers, though the company insists that passport details of customers were not compromised.

However, in email informing customers about the breach the company admitted that the hackers also got access to their entire itineraries, including “where you were travelling from and to, your departure date, booking reference number, the booking date and the value of the booking.”


Back to the list

Latest Posts

Free VPN apps on Google Play turned Android devices into residential proxies

Free VPN apps on Google Play turned Android devices into residential proxies

The threat actor behind this scheme profits by selling access to the residential proxy network to third parties.
28 March 2024
Cyber spies strike Indian government and energy sectors

Cyber spies strike Indian government and energy sectors

The operation involved phishing emails delivering the HackBrowserData info-stealer.
28 March 2024
Spyware makers and state-backed hackers are primary culprits behind rise in zero-day exploits, Google says

Spyware makers and state-backed hackers are primary culprits behind rise in zero-day exploits, Google says

97 zero-day flaws were exploited in-the-wild in 2023, marking an increase of over 50% compared to 2022.
27 March 2024