easyJet Hit With Highly Sophisticated Cyber Attack

Together we are Forbes

Article

19 May, 2020

Lisa_Atkinson
Lisa Atkinson
Associate

British Budget Airline Giant easyJet, has been the recent victim of a shocking data breach. A company investigation recently discovered the email addresses and travel details of around nine million customers have been accessed in the cyber- attack, acquiring the credit card details of more than 2,000 customers and exposing the email addresses and travel details of nine million others.

The company have announced that hackers have accessed the information in a "highly sophisticated" attack and that all customers affected will be contacted in the next few days to confirm what personal information has been misused. The Airline confirmed that it was contacting all those involved whose details were accessed and compromised as a matter of urgency to provide details on how they should take protective steps to minimise any risk of potential phishing and associated fraudulent activity .

A Spokesperson from easyJet stated:-

" We are urging all our customers to be alert, especially if they have received any communications recently that they weren't expecting".

Although the carrier advise that there is no evidence at the moment to suggest that any personal information of any nature has been misused, on the recommendation of the Information Commissioner's Office (ICO) they were now taking immediate steps to communicate with all of its 9 million customers whose travel details could have been accessed.

"We are advising customers to continue to be alert to any unsolicited communications".

What should you do if you think your details have been compromised?

  • Ensure that you cancel the credit / debit card used for the transaction
  • Flag the situation with your bank, the police, and the UK's Action Fraud hotline if you think your information has been compromised
  • Update the password used for your easyJet account
  • Update the password to any other accounts in which you may have used the same password so hackers are not able to log in to secondary accounts.

Ray Walsh, Digital and Privacy Expert at ProPrivacy.com, commented:

"This leaked information could easily go on to be used to launch targeted cyber-attacks at victims, using their travel history to create spear-phishing campaigns that leverage fake emails that appear to be from easyJet."

As a result of this breach easyJet are now likely to face a number of claims for compensation following the leak of its customers personal data into the public domain. The General Data Protection Regulations (GDPR) provide that personal information must be processed in a manner that ensures appropriate security of personal data, including protection against unauthorised or unlawful processing, accidental loss, and destruction or damage, through use of appropriate technical or organisational measures.

What sort of damages could you receive?

General Data Protection Regulation is still a developing area of law. In order to claim damages for a breach of data an individual will have to demonstrate that the breach was serious enough to have caused some harm and/or loss. The aim of compensation is to try and place the individual back in the same position as if the breach had not taken place. The compensation awarded can include injury to feelings and any consequential financial loss.

The bands of damages can be summarised as follows:

  • Lower Band - £900 - £8,600 (less serious cases where the discrimination is a one off incident or isolated in nature. For example, it did not happen in a public place, apologies were made.)
  • Middle Band - £8,600 - £25,700 (serious cases that do not fall within the higher band)
  • Higher Band - £25,700 - £42,900 (lengthy campaign of discrimination and harassment - particular rude or insensitive language, public place, whether it relates to personal/intimate part of life, depression or illness is caused as a result of the act of discrimination.)

The Information Commissioner has now been brought in to investigate the matter, and although they have no authority to award compensation, they can impose heavy fines on easyjet which will be helpful in assisting potential victims in reaching successful outcomes for compensation claims.

If you believe your data has been breached by easyjet and you have suffered injury, loss or distress as a result then please contact a member of our Data Breach Claims team at Forbes Solicitors on 01254 872 111 to discuss your case. Depending on the merit of your claim we may be prepared to act for you on a No Win No Fee basis / Conditional Fee Agreement. For more information contact us via email or phone on 01254 872 111. Alternatively send any question through to Forbes Solicitors via our online Contact Form.

Learn more about our Data Breach Claims department here

Why getting legal advice is important before engaging in a pre-…

Inheritance tax exemption extended to NHS frontline workers

Contact Us

Get in touch to see how our experts could help you.

Call0800 689 3206

CallRequest a call back

EmailSend us an email

Make an Enquiry

Contacting Us

Monday to Friday:
09:00 to 17:00

Saturday and Sunday:
Closed