Know the risks & stay safe following the EasyJet data hack

unlocked padlock on computer components

In 2020, highly sophisticated hackers successfully carried out a cyber-attack on discount airline EasyJet. The information breached in this hack included the email addresses and travel details of nine million people and the financial details of 2,208 customers.

If you were informed that your information was breached*, it is essential that you understand the risks and take steps to protect yourself.

The risk of scams

Victims of the EasyJet data hack could be targeted by phishing scammers. Phishing occurs when a cybercriminal poses as a legitimate organisation, the police, or someone else you trust to trick you into handing over sensitive information such as usernames, passwords, financial data, etc.

In particular, EasyJet has advised customers to be cautious of any communications purporting to come from easyJet or easyJet Holidays. You should also follow these tips to protect yourself from phishing scams:

  • Always question uninvited approaches in case it is a scam and do not assume an email or phone call is authentic.
  • Know that, just because someone knows your details (such as your name and address or even your mother’s maiden name), it does not mean they are genuine.
  • Never disclose security details, such as your PIN or full banking password.
  • Do not click any suspicious links that claim to be from your bank (or anyone else). Always go to the organisation’s website by entering its proper address (or searching for it online).
  • Make sure your devices are protected by internet security software and keep this up to date.
  • Be aware of common phishing techniques and keep an eye out for fraudsters who attempt to gather additional personal information.
  • Listen to your instincts and stop conversations immediately if you are at all worried. A reputable organisation will never stop you from carrying out security checks.

Because of COVID-19, there is also heightened concern about personal data being used for online scams. And hackers will likely try to take advantage of people who are cancelling flights because of the pandemic. What is more, people are more susceptible to scans when they are already anxious, and the combination of being hacked and coping with the pandemic is likely to cause additional stress. Hackers may try to take advantage of this, so you must be on your guard.

As well as being careful of any communications that claim to come from easyJet or easyJet Holidays, people should beware in case the data accessed in this hack is used in additional COVID-19 scams

Six months after the EasyJet data breach, over 50% of all clients signed up to our action have experienced spam attempts that they believe are a result of this breach.

The risk of financial fraud/theft

Over 2,200 customers had their credit card details accessed in the EasyJet data hack. With enough financial information, cybercriminals can set up fraudulent bank accounts and access your existing accounts. They can also make payments using your data, and even apply for credit/loans.

According to the BBC: the “stolen credit card data included the three digit security code – known as the CVV number – on the back of the card itself”. This is especially worrying as it makes it much easier for cybercriminals to misuse card information.

EasyJet warned customers whose credit card details were stolen in early April. If you were told your data was included in this breach and you have not already put steps in place to protect your finances, you must do so immediately. This includes:

  • Contacting your bank or credit card provider to let them know your data was violated (you should be issued with a new card and the bank might put additional security steps in place).
  • Keeping an eye on your transactions and contacting your bank or credit card provider immediately if you spot any unfamiliar or suspicious activity.
  • Keeping an eye on your credit score for any unexpected dips.
  • Contacting all the major credit reference agencies to ensure credit is not taken out in your name.
  • Understanding that a legitimate bank or other financial organisation will never contact you ask for your PIN or full password or ask you to move money to another account for fraud reasons.
  • Registering with the Cifas protective registration service if you want to put an additional layer of security in place. This will slow down credit applications made in your name with additional verification checks made to ascertain that the applicant is you.

In addition, you should look out for phishing scams that attempt to use your financial data against you.

Six months after the EasyJet data breach, 20% of all clients signed up to our action have experienced fraudulent transactions or have had to cancel their cards to protect themselves from possible fraud attempts.

The risk of developing/ exacerbating mental health conditions

The impact of data breaches goes much further than financial losses. Many victims go on to suffer from stress, anxiety, and distress. Furthermore, the psychological effects of a data hack might not be immediately apparent. Knowing that your information has been “burgled” and living with the increased risk and the extra vigilance needed can all cause distress to victims over time.

Six months after the EasyJet data breach, 86% of all clients signed up to our action have suffered some form of personal distress/stress. So, following the EasyJet data breach, victims must keep an eye on their emotional wellbeing to ensure that their mental health does not suffer.

Has EasyJet put you at risk?

We are registering victims of the EasyJet data breach to a no-win, no-fee group action. Group actions can be a powerful tool and can have a bigger impact than a single claim. The law understands the damage that can be caused by worry and upset, so you can make a compensation claim if you have struggled emotionally following a data breach, even if you have not experienced any financial loss.

There are no costs to register and no obligation to proceed.

* All passengers involved in the EasyJet data hack were contacted by 26th May at the latest

In March 2024, our firm changed its name to KP Law. 

Share this article: