What evidence do you need to join our EasyJet data breach group action?

Easyjet data breach

On 19th May 2020, EasyJet confirmed that it had been the target of a highly sophisticated hack. Nine million people had their email address and travel information accessed (name, origin airport, destination and departure date) in the EasyJet breach, while another 2,208 customers had their financial (credit card details including CVV) stolen. All of this information can be used by cybercriminals to commit further crimes.

In response, we have launched a group action against EasyJet. Group actions can be a powerful tool and can have a bigger impact than a single claim.


But what evidence will we ask you to provide if you join our group action claim?  

1. Confirmation that you were involved in the EasyJet data breach

When you register to join our group action, one of the first things we’ll ask, is whether you have received notification from EasyJet that your details have been breached. Everyone who had their financial information hacked was informed in early April. And, by now, the nine million people who had their travel data compromised (this includes your name, email address, origin airport, destination, and departure date), should also have been informed. 

If EasyJet hasn’t been in touch, it is unlikely that you were involved in this breach. However, if you booked a flight with EasyJet from 17th October 2019 to 4th March 2020, you should check your spam folder just in case as we will require this confirmation to add you to our data breach group action.

2. Details of any phishing attacks or scams you have experienced that you believe are linked to the data breach

Many of our clients have seen a rise in attempted phishing scams since the EasyJet data hack. Phishing occurs when a cybercriminal poses as a legitimate organisation, the police, or someone else you trust to trick you into handing over sensitive information such as usernames, passwords, financial data, etc.

Because of COVID-19, there is heightened concern about the personal data in this hack being used for online scams. And cybercriminals will likely try to take advantage of people who are cancelling flights because of the pandemic.

If you experience any phishing or other scam attempts that you believe are linked to this data breach, please make a note of these and keep any evidence. If you decide to make a data breach claim, we can use this to support your case. In particular, let us know of any fraudulent communications purporting to come from easyJet or easyJet Holidays.

However, you do not need this to join our EasyJet data breach group action.

3. Details of any money lost because of the EasyJet data breach

Over 2,200 customers had their credit card details stolen in the EasyJet data hack. Some of these people may have had their card information used fraudulently. Even if your financial data wasn’t included in the breach, you could still have suffered a loss if a phishing scammer was able to use your personal data against you.

If you experience any financial loss because of this data breach, please make a note of this and keep any evidence (e.g. bank statements, correspondence, etc.). However, contrary to what we have seen reported in the media, you do not need to have lost money to make a data breach claim.

4. Details of any mental health conditions caused or made worse because of the data breach

The impact of data breaches goes much further than financial losses. Many victims go on to suffer from stress, anxiety and distress. Following a robbery, people often feel shock, anger, fear, helplessness and panic. A personal data breach is a 21st-century version of being burgled.

If you experience emotional distress because of this data breach, please make a note of this and keep any evidence (e.g. details about medical appointments/prescriptions that relate to this data breach).

5. Details of any expenses or inconvenience incurred

Following a data breach, people often have to spend a significant amount of time on the phone to their bank, and/or to the credit reference agencies to rectify any dips. Sometimes, there are travel costs and medical expenses required. And it might be possible to add these to your claim.

It is not unusual that – on reviewing a data breach impact form – we uncover information that allows us to increase the value of a claim significantly. What might seem irrelevant to you, could make a huge difference in the eyes of the law. So, please keep a hold of anything that might be useful just in case.

Join our EasyJet data breach group action

We are now registering victims of this breach to a no-win, no-fee group litigation action against the airline. Group actions can be a powerful tool and can have a bigger impact than a single claim.

EasyJet took four months to warn customers that hackers had their personal information, so, you might have already experienced phishing attempts and financial losses because of the breach. Even if you didn’t know that was the reason before now, if this has happened to you, we encourage you to let us know. However, the full impact of a data breach is often not felt until months after the initial violation, so once you join our group action, we will give you plenty of opportunities to update us should your situation worsen.

It’s easy to join our EasyJet group action. There are also no costs to register and no obligation to proceed.

In March 2024, our firm changed its name to KP Law. 

Share this article: