Why didn’t EasyJet offer all victims compensation for its data breach?

Plane window

In 2020, EasyJet admitted that the personal details of nine million customers and the financial data of over 2,000 passengers were accessed in a sophisticated cyber-attack. At that time, the airline made it clear that it did not want to offer compensation to the vast majority of victims.

This is an all too familiar story following a data breach. But, despite rumours that EasyJet might have offered a settlement to those at “significant financial risk”, we advised those victims to think very carefully before accepting any such offer should it be made. Here’s why…

The compensation offered is usually less than victims deserve

All too often, organisations that have suffered a data breach are more concerned about limiting their exposure to liability than helping victims. So, while they might offer some money after a data breach, in our experience, they are less concerned about ensuring people are fully reimbursed for the long-term and often psychological effects.

Indeed, we often see companies make low offers of compensation in an attempt to get people to accept a small sum and prevent group litigation.

But we would expect any large business to have insurance in place to protect itself against cyberattacks and data breaches. Let’s face it, there are very few companies that don’t face cyber risk in this day and age, so businesses like EasyJet should be able to compensate victims properly.

Cybercriminals can do serious damage with your financial data

With enough financial information, cybercriminals set up fraudulent bank accounts and access your existing accounts. They can make payments and even apply for credit/loans.

Some financial information can also be used in targeted scams in an attempt to extract additional information from victims (phishing). And hackers often sell stolen financial data to other criminals to use in future scams.

Even if no money is lost, the impact of a financial data breach can be significant. Many victims go on to suffer from stress, anxiety, and distress due to living with added risk and the extra vigilance needed. To make matters worse, the effects of a data hack might not be immediately apparent, as information is often used in batches over time. So there is no quick fix.

We understand that the full impact of a data breach is often not felt until months after the initial violation, so we refuse to let people be fobbed off. We believe that your suffering should be taken seriously.

The amount of compensation you get should reflect the losses you have suffered

We take a long-term view when it comes to claiming compensation on your behalf. This means we look at a whole range of factors, so you do not lose out financially. What’s more, when we review a client’s experience following a data breach, we often uncover information that allows us to increase the value of their claim significantly. What might seem irrelevant to you could make a huge difference in the eyes of the law. That’s why it’s vital that you don’t simply accept a low offer that could be designed to make you go away.

Why hasn’t everyone been offered compensation?

In a statement on its website, EasyJet said that:

“Apart from the very small subset of customers who we have already notified, no credit card details have been impacted.  We therefore do not expect there to be any financial loss caused by this incident.  We are advising customers to continue to be alert as they would normally be, especially should they receive any unsolicited communications”.

This statement proved that EasyJet did not take responsibility for failing to protect its customers. The airline might think that there was “no evidence that any personal information of any nature has been misused”, but, as we have already established, the impact of data breaches goes much further than financial losses, and it does these nine million customers a disservice to assume otherwise.

Following a robbery, people often feel shock, anger, fear, helplessness, and panic. Some will go on to suffer from psychological problems, and existing conditions can be exacerbated. Thankfully, over the last few years, people are waking up to the reality of mental health, and there is a greater awareness about the lasting effects of physiological suffering and anguish.

What is more, the law understands the damage that can be caused by worry and upset. So you can make a compensation claim if you have struggled emotionally following a data breach, even if you have not lost any money.

What’s more, even if your financial data hasn’t been stolen, your personal information could still be used for nefarious purposes. According to a report in the Independent:

“Experts suggest that personal information “drives a higher price on the dark web” – the area of the internet inaccessible by mainstream search engines – and could be used for organised crime or ransomed.”

So, the risk to everyone involved – regardless of whether they have had their financial or personal data accessed – is very real.

Has EasyJet put you at risk?

We are representing people concerned that EasyJet has breached their financial or personal data, many of whom are understandably upset and anxious about the breach.

We believe that EasyJet failed to uphold its customers’ data security rights and have launched a no-win, no-fee group litigation action against the airline. Group actions can be a powerful tool and can have a bigger impact than a single claim.

Register now to join our EasyJet group action. There are no costs to sign-up and no obligation to proceed.

In March 2024, our firm changed its name to KP Law. 

Share this article: