In May 2020, EasyJet hit the headlines when it was revealed that the email addresses and travel details of nine million people and the financial details of 2,208 customers had been breached. But it is not clear if the budget airline comprehends how significant this breach is. Or, if it does, it certainly is not owning up to it.
In a statement admitting to the EasyJet data breach, the company said that “there is no evidence that any personal information of any nature has been misused”. But it cannot possibly know what the impact of this hack will be. Just because it does not look like the data has been misused yet, doesn’t mean that it won’t be.
According to an article in The Independent, personal information “drives a higher price on the dark web” and “could be used for organised crime or ransomed”. Another article claims that “Airlines hold valuable personal information [that] could all be used by criminal organisations to commit identity fraud or further phishing campaigns as part of a larger operation”. Furthermore, most cyber security experts agree that it is too soon to say what has and will happen with the hacked customer data.
Certainly, we would advise anyone involved to beware of the following risks:
On its website, EasyJet says that it won’t be paying compensation to most customers. It states that:
“Apart from the very small subset of customers who we have already notified, no credit card details have been impacted. We therefore do not expect there to be any financial loss caused by this incident. We are advising customers to continue to be alert as they would normally be, especially should they receive any unsolicited communications”.
But the impact of the EasyJet data breach is likely to go much further than financial losses. And EasyJet does the nine million customers who have not had their financial data stolen a disservice to assume otherwise.
A personal data breach is a 21st-century version of being burgled. And, following a robbery, people often feel shock, anger, fear, helplessness, and panic. Some will go on to suffer from psychological problems, and existing conditions are often exacerbated.
Thankfully, over the last few years, people are waking up to the reality of mental health and there is a greater awareness about the lasting effects of physiological suffering and anguish. What is more, the law recognises the emotional damage that can be caused by a data protection failure, so EasyJet is unlikely to get away with it.
EasyJet knew about the hack as far back as January. So why did the airline take four months to warn customers that hackers had their personal information? Especially as, under the General Data Protection Regulation (GDPR), if a breach is likely to result in a “high risk of adversely affecting individuals’ rights and freedoms”, organisations inform those individuals without undue delay. Even customers who had their credit card details stolen in this hack were not told until early April.
We are now registering victims of this breach to a no-win, no-fee group action.
To become part of our EasyJet group action, we need you to register with us. We will then keep you updated about developments in this case as they happen. There are no costs to register and no obligation to proceed.
We have launched a group action against Capita. Group actions can be a powerful tool… Read More
Here are some of the questions our data protection experts have been asked about our… Read More
We have launched a group action against 2plan. Group actions can be a powerful tool… Read More
What happened in the 2plan data breach? Find out in our latest blog and claim… Read More
We have launched a group action against Southern Water. Group actions can be a powerful… Read More
Here are some of the questions we have been asked about our Southern Water data… Read More