The breached data also included more than two thousand credit card details. Following this massive data breach, EasyJet is facing an £18 billion class-action lawsuit filed on behalf of the affected customers.
More about EasyJet’s Data Breach
According to the company’s official statement, a highly sophisticated attacker is to blame for the data breach. The skilled hacker gained access to nine million customers’ email addresses and travel details, and some credit card details as well. The data breach was announced on May 19:
“Following discussions with the Information Commissioner’s Office (“ICO”), the Board of easyJet announces that it has been the target of an attack from a highly sophisticated source. As soon as we became aware of the attack, we took immediate steps to respond to and manage the incident and engaged leading forensic experts to investigate the issue. We also notified the National Cyber Security Centre and the ICO,” the statement said.
EasyJet also closed off the unauthorized access. However, how the access was obtained has not been clarified in the statement.
The good news is that no evidence of misuse of personal information has been found. However, on the recommendation of the ICO, the company is “communicating with the approximately 9 million customers whose travel details were accessed to advise them of protective steps to minimise any risk of potential phishing”.
The company is also advising its customers to be cautious of any communications purporting to come from easyJet or easyJet Holidays. As we have reported countless times, phishing campaigns usually exploit the names of well-known companies and brands to lure potential victims into revealing their personal and financial details.
EasyJet Class-Action Lawsuit
Following the data breach, EasyJet is now facing a legal issue, as the law firm PGMBM has issued a class-action claim with a potential liability of £18 billion, which equals approximately £2,000 per impacted customer.
The lawsuit has been filed on behalf of impacted customers in the High Court of London. PGMBM says that while EasyJet informed the ICO about the incident, it failed to notify its customers back in January 2020 when the breach took place.
According to the law firm, “the sensitive personal data leaked includes full names, email addresses, and travel data that included departure dates, arrival dates, and booking dates. In particular, the exposure of details of individuals’ personal travel patterns may pose security risks to individuals and is a gross invasion of privacy.”
The class-action lawsuit is relying on GDPR legislation. GDPR gives consumers the right to demand compensation when their information is affected in security incidents.
Last year, WizzAir asked its customers to change their passwords due to a technical irregularity, which most likely was related to a hacking incident.