19 May, 2020
British Budget Airline Giant easyJet, has been the recent victim of a shocking data breach. A company investigation recently discovered the email addresses and travel details of around nine million customers have been accessed in the cyber- attack, acquiring the credit card details of more than 2,000 customers and exposing the email addresses and travel details of nine million others.
The company have announced that hackers have accessed the information in a "highly sophisticated" attack and that all customers affected will be contacted in the next few days to confirm what personal information has been misused. The Airline confirmed that it was contacting all those involved whose details were accessed and compromised as a matter of urgency to provide details on how they should take protective steps to minimise any risk of potential phishing and associated fraudulent activity .
A Spokesperson from easyJet stated:-
" We are urging all our customers to be alert, especially if they have received any communications recently that they weren't expecting".
Although the carrier advise that there is no evidence at the moment to suggest that any personal information of any nature has been misused, on the recommendation of the Information Commissioner's Office (ICO) they were now taking immediate steps to communicate with all of its 9 million customers whose travel details could have been accessed.
"We are advising customers to continue to be alert to any unsolicited communications".
Ray Walsh, Digital and Privacy Expert at ProPrivacy.com, commented:
"This leaked information could easily go on to be used to launch targeted cyber-attacks at victims, using their travel history to create spear-phishing campaigns that leverage fake emails that appear to be from easyJet."
As a result of this breach easyJet are now likely to face a number of claims for compensation following the leak of its customers personal data into the public domain. The General Data Protection Regulations (GDPR) provide that personal information must be processed in a manner that ensures appropriate security of personal data, including protection against unauthorised or unlawful processing, accidental loss, and destruction or damage, through use of appropriate technical or organisational measures.
General Data Protection Regulation is still a developing area of law. In order to claim damages for a breach of data an individual will have to demonstrate that the breach was serious enough to have caused some harm and/or loss. The aim of compensation is to try and place the individual back in the same position as if the breach had not taken place. The compensation awarded can include injury to feelings and any consequential financial loss.
The bands of damages can be summarised as follows:
The Information Commissioner has now been brought in to investigate the matter, and although they have no authority to award compensation, they can impose heavy fines on easyjet which will be helpful in assisting potential victims in reaching successful outcomes for compensation claims.
If you believe your data has been breached by easyjet and you have suffered injury, loss or distress as a result then please contact a member of our Data Breach Claims team at Forbes Solicitors on 01254 872 111 to discuss your case. Depending on the merit of your claim we may be prepared to act for you on a No Win No Fee basis / Conditional Fee Agreement. For more information contact us via email or phone on 01254 872 111. Alternatively send any question through to Forbes Solicitors via our online Contact Form.