EasyJet is facing an £18 billion (US$22.2B) class-action lawsuit filed on behalf of nine million customers affected by a cyber attack on the budget airline.
The breach occurred in January this year, at which time easyJet had notified the UK’s Information Commissioner’s Office (ICO). However, it wasn't until May 19 that easyJet publicly announced it had been the victim of "an attack from a highly sophisticated source" and the "email address and travel details of approximately nine million customers were accessed", as well as 2,208 credit card details.
The suit, if successful, would pay out £2000 (US$2,400) for each impacted customer, citing an EU regulation that affords customers "the right to receive compensation from the controller or processor for the damage suffered."
"This is a monumental data breach and a terrible failure of responsibility that has a serious impact on easyJet's customers," said Tom Goodhead, of PGMBM, the law firm which has issued the claim. "This is personal information that we trust companies with, and customers rightly expect that every effort is made to protect their privacy."
PGMBM also expressed its concern that knowledge of customer's personal travel patterns is a gross invasion of privacy and may pose a security risk to those affected.
In its May announcement, easyJet apologised "that this has happened" and stated that "we take issues of security extremely seriously". However, in the wake of the British Airways data breach, which saw the details of 500,000 customers compromised and the airline fined £183 million (US$225M) in July 2019, easyJet can't expect to get off lightly. That said, they might be slightly more concerned about footing the bill for £18 billion.
