Top Class Actions’s website and social media posts use affiliate links. If you make a purchase using such links, we may receive a commission, but it will not result in any additional charges to you. Please review our Affiliate Link Disclosure for more information.
More than 6,000 easyJet customers have filed a group action seeking damages after a cyberattack on the airline exposed their personal details to hackers.
The airline admitted in mid-May that the information of about 9 million people had been leaked, the complaint says.
According to PGMBM, the firm handling the easyJet class action lawsuit, the breach took place in January. The UK’s Information Commissioner’s Office was notified that same month, but the affected consumers were not.
“The breach took place in January 2020, meaning it took four months for easyJet to notify its customers,” according to PGMBM.
The easyJet cyberattackers stole email addresses and travel information; in addition, 2,208 customers had their credit and debit card details “accessed,” the airline said, including the three-digit security code on the back of the card.
EasyJet has asked victims to be careful about phishing attacks, emphasizing the threat victims face from those seeking to defraud them.
“The sensitive personal data leaked includes full names, email addresses and most disturbingly of all, travel data including departure dates, arrival dates and booking dates,” according to easyJet claim website, which is administered by PGMBM. “In particular, the exposure of details of individuals’ personal travel patterns may pose security risks to individuals and is a gross invasion of privacy.”
However, easyJet said in a notice about the incident there was no evidence that any of the personal information had been misused.
“… On the recommendation of the ICO, we are communicating with the approximately 9 million customers whose travel details were accessed to advise them of protective steps to minimise any risk of potential phishing,” the company said.
“We are advising customers to continue to be alert as they would normally be, especially should they receive any unsolicited communications. We also advise customers to be cautious of any communications purporting to come from easyJet or easyJet Holidays,” easyJet added.
This is not the first time an airline has been the subject of this type of data breach group litigation.
In July 2019, the Information Commissioner’s Office announced it would fine British Airways £183 million after a data loss, “leaving the seriousness of this type of incident in no doubt,” PGMBM said.
According to the European Union’s General Data Protection Regulation, claims for nonmaterial damages are allowed, meaning plaintiffs don’t need to prove direct financial loss in order for compensation to be awarded.
The General Data Protection Regulation also allows EU citizens to claim monetary damages from a business affected by a data breach. Consumer bodies are allowed to represent an individual or group who wants to bring litigation.
Forty-three claimants were initially included in the easyJet class action lawsuit, Tom Goodhead recently told Law360. Goodhead is a managing partner with PGMBM.
However, since the initial filing in May 22, PGMBM has offered conditional fee arrangements to an additional 6,000 claimants, with another 25,000 seeking to join the easyJet class action lawsuit.
CEO Johan Lundgren released a statement apologising to easyJet customers affected by the breach.
“We take the cyber security of our systems very seriously and have robust security measures in place to protect our customers’ personal information,” Lundgren said. “However, this is an evolving threat as cyber attackers get ever more sophisticated. … We are contacting those customers whose travel information was accessed and we are advising them to be extra vigilant, particularly if they receive unsolicited communications. … We would like to apologise to those customers who have been affected by this incident.”
“This case will answer a novel question of how much value do you put on the privacy of travel data,” Goodhead said. “The courts will have to decide what should be handed per claimant or to each variety of claimant if different levels of distress have been felt.”
More details are expected in the next four to six weeks, according to Law360.
Article 82 of the EU General Data Protection Regulation states consumers have a right to compensation for inconvenience, distress, annoyance, and loss of control of their data.
The easyJet lawsuit demands the airline compensate each affected customer up to £2,000, meaning the total amount of the claim could reach £18 billion.
The plaintiffs are represented by David Blayney Q.C. and Sophie Holcombe of Serle Court; Benjamin Williams Q.C. and Shail Patel of 4 Square instructed by PGMBM (Pogust, Goodhead, Mousinho, Bianchini & Martins).
The easyJet Data Breach Group Litigation was filed by PGMBM in the High Court of London.
ATTORNEY ADVERTISING
Top Class Actions is a Proud Member of the American Bar Association
LEGAL INFORMATION IS NOT LEGAL ADVICE
Top Class Actions Legal Statement
©2008 – 2024 Top Class Actions® LLC
Various Trademarks held by their respective owners
This website is not intended for viewing or usage by European Union citizens.
