020 7650 1200


EasyJet likely to face significant compensation claims from customers over huge data breach

Leading data protection lawyers have said that EasyJet is likely to face significant legal action after it revealed today that the personal details of over nine million customers had been hacked as a result of a cyber-attack.

Posted on 19 May 2020

In a statement to the stock market, EasyJet revealed that the email addresses and travel details of affected customers were accessed.  Additionally, in over 2,000 of these cases, customers’ credit card details were also accessed.

EasyJet state that they have already contacted all customers whose credit card details have been accessed and will be contacting the other customers affected over the next few days in order “to advise them of protective steps to minimise any risk of potential phishing.”  

EasyJet says that affected customers will be notified no later than 26 May, 2020.  In the meantime, EasyJet is advising customers to continue to be alert particularly in relation to receiving any unsolicited communications as well as being cautious of any communications purporting to come from EasyJet or EasyJet Holidays.

Sean Humber and Gene Matthews from law firm Leigh Day, who act for hundreds of clients whose personal details have been disclosed without their permission as a result of data breaches, both commented on the incident.

Sean Humber, data breach solicitor from law firm Leigh Day, said:

“Sadly, with nine million customers affected, this makes it one of the UK’s largest ever data breaches.  Unfortunately, EasyJet has so far only issued a very short statement that leaves many questions unanswered.  

“It remains unclear quite what personal details of customers were taken, when the cyber-attack occurred and when EasyJet first found out about it.  Even more worrying, most EasyJet customers don’t yet know if they have been affected or not and may not be told for another week.

“The Information Commissioner’s Office and National Cyber Security Centre are now investigating the matter, including how hackers were able to customers’ personal details.  If it turns out that EasyJet’s cyber-security measures were inadequate, it is likely that they will face significant claims for compensation from affected customers for failing to keep their personal information safe on top of a substantial fine from the ICO.”  

Gene Matthews, data breach solicitor from law firm Leigh Day, added:

“Clearly, if it turns out that personal information, including names, addresses and credit card details have been taken that would be extremely worrying for those millions of affected EasyJet customers. This would potentially become a ‘fraudster’s dream’.   Unfortunately we have seen information like this being used by fraudsters to defraud our clients in a variety of different ways in the past.  This includes sending emails to the person purporting to be from reputable companies in order to induce the individual to reveal further personal information (phishing) and using the person’s stolen information to open bogus accounts in their name (ID fraud).  I think it is critical that EasyJet now take immediate steps to try and protect customers from this potential harm.”

If you are a EasyJet customer who has been affected by the data breach and wish more to receive more information about bringing a claim for compensation then please complete our form.