Nine million customers’ details hacked in EasyJet data breach

Easyjet data breach

EasyJet has fallen victim to hackers. According to the airline, the personal details of nine million customers have been stolen and 2,208 customers have also had their credit card details accessed. And, while a spokesperson says there is no evidence that this information has been misused by criminals, we would urge victims of the EasyJet data breach to take urgent steps to protect themselves.

What do we know about the EasyJet data breach?


Highly sophisticated hackers have successfully carried out a cyber-attack on the discount airline. The information that has been breached includes the email addresses and travel details of nine million people and the financial details of over 2,200 customers.

We don’t yet know when the incident was identified and how long the violation lasted before it was stopped.

EasyJet has apologised for the breach and has attempted to reassure customers that it takes the safety and security of their information very seriously. The company has reported itself to the Information Commissioner’s Office (ICO) and National Cyber Security Centre.

Under current data protection legislation, EasyJet must inform everyone who is affected by this data breach and EasyJet should have notified everyone involved by no later than 26th of May. If you have been a customer of EasyJet, we advise you to check for this communication (and check your spam folder in case it has been directed there).

What will happen next?


The ICO – which is the UK’s data protection regulator – is investigating the breach. If EasyJet is found to have poor security processes, it will face a substantial fine. BA has been fined £183m by the ICO for a similar breach in 2018. However, even if the ICO fines EasyJet, none of this money will go to victims of the hack.

A data breach can result in both financial and/or identity theft. And the result of either of these can be devastating. With enough information, cybercriminals can apply for credit in your name, set up fraudulent bank accounts and access your existing accounts. Even an email address can be used to extract additional data and cause harm.

And the impact of data breaches goes much further than financial losses. Many victims go on to suffer from stress, anxiety and distress. Furthermore, the effects of a data hack might not be immediately apparent.

Join our EasyJet data breach group action


In addition to implementing the suggested security steps, if EasyJet has failed to uphold your data security rights, you should consider making a compensation claim.

Our expert data breach lawyers are watching this case with interest, and, if it transpires that EasyJet has failed to protect its customers, we will launch a no-win, no-fee group litigation action.

Group actions can be a powerful tool and can have a bigger impact than a single claim.

To become part of our EasyJet group action, we need you to register with us. This guarantees that you will form part of the compensation claims that will be lodged by us. We will also keep you updated about developments in this case as they happen. There are no costs to register and no obligation to proceed.

In March 2024, our firm changed its name to KP Law. 

Share this article: