CVV security numbers exposed in EasyJet breach

Easyjet data breach

The more details come to light about the EasyJet data breach, the worse it gets. Earlier this year, the airline admitted that (as well as the personal details of nine million customers), over 2,208 passengers had their credit card details accessed in the EasyJet hack.  And since then, according to the BBC:

Stolen credit card data included the three digital security code – known as the CVV number – on the back of the card itself”.

Why is the CVV number so important?

The CVV number provides added security against scams. It is needed to complete any transactions that are carried out online using a card. Under worldwide Payment Card Industry Data Security Standards (PCI DSS) companies are not allowed to save information about CVV numbers, because, if a hack takes place, it is very difficult for anyone a cybercriminal to misuse card information without it.  

And, while EasyJet are trying to PR the data breach as having information ‘accessed’ rather than ‘stolen’, if a hacker gets hold of your CVV number (along with other data), however they spin it, the results could be disastrous.

What can cybercriminals do with your financial data?

With enough financial information, cybercriminals set up fraudulent bank accounts and access your existing accounts. They can make payments using your data, and even apply for credit/loans.

Some financial data can also be used in targeted scams in an attempt to extract additional information from victims (e.g. banking passwords etc.). And hackers often sell stolen financial data to other criminals to use in future scams.

Even if no money is lost, the impact of a financial data breach can be significant. Many victims go on to suffer from stress, anxiety and distress due to living with the added risk and the extra vigilance needed. To make matters worse, the effects of a data hack might not be immediately apparent, as information is often used in batches over time. So there is no quick fix.

Protect your finances immediately

Customers whose credit card details were stolen in the EasyJet data breach were informed in early April. Although, we question why there was such a significant delay when the airline knew about the breach in January. If you were told your data was included in this breach and you haven’t already put steps in place to protect your finances, you must do so immediately.

There is a further threat to watch out for

In addition to the immediate financial threat, there is a secondary risk to look out for – and that’s phishing.

Phishing is where a fraudster poses as a legitimate organisation (e.g. EasyJet), the police, or someone else you trust to trick you into handing over sensitive information such as usernames and passwords. To protect yourself from phishing attempts we recommend that you be on your guard against attempts to extract further information from you.

Has EasyJet put you at risk?


We have been contacted by people concerned that EasyJet has breached their financial data; many of whom are understandably upset and anxious about the breach.

We believe that EasyJet may have failed to uphold your data security rights. Not just because of the initial hack, but because of the delay in informing customers. As such, we are now registering victims of this breach to a no-win, no-fee group litigation action against the airline. Group actions can be a powerful tool and can have a bigger impact than a single claim.

To become part of our EasyJet group action, we need you to register with us. This guarantees that you will form part of the compensation claims that will be lodged by us. We will also keep you updated about developments in this case as they happen.

There are no costs to register and no obligation to proceed.

In March 2024, our firm changed its name to KP Law. 

Share this article: