A class-action lawsuit, filed against EasyJet for failing to prevent the breach of personal information of 9 million flyers, has signed up more than 10,000 affected flyers in less than a month after it was filed.
The class-action lawsuit was filed in late May by leading class action law firm PGMBM on behalf of 9 million affected EasyJet customers whose personal data was accessed by unauthorised parties. The lawsuit was filed under the Data Protection Act 2018 and PGMBM is claiming up to £2,000 per affected customer, taking the total claim to £18 billion.
"EasyJet announced on the 19th May 2020 that sensitive personal data of 9 million travellers had been exposed in a data breach. Despite notifying the UK’s Information Commissioner’s Office of the breach in January 2020, EasyJet waited four months to notify its customers," the firm said.
"The sensitive personal data leaked includes full names, email addresses and most disturbingly of all, travel data including departure dates, arrival dates and booking dates. In particular, the exposure of details of individuals’ personal travel patterns may pose security risks to individuals and is a gross invasion of privacy.
"Under Article 82 of the EU General Data Protection Regulation (EU-GDPR) you have a right to compensation for inconvenience, distress, annoyance and loss of control of your data," it added.
PGMBM stated in its website that it will first try to settle the claim with EasyJet by way of a pre-action letter. If that fails, the firm will take the case to a Group Litigation Order (a “GLO”) which is the mechanism by which the courts in England and Wales manage thousands of cases which are all brought together at the same time.
The firm added that if a quick settlement with EasyJet is achieved, affected flyers will be able to receive their compensation within the next six months. However, if EasyJet decides to fight it out in court, it may take two years or so for them to receive their compensation, provided EasyJet loses the case as well.
According to Insurance Journal, PGMBM has claimed that more than ten thousand EasyJet flyers, whose data was compromised as a result of the breach, have joined the class-action lawsuit against EasyJet.
On its part, EasyJet has contacted affected flyers whose travel information was accessed and is advising them about taking certain precautions to prevent hackers from using their personal information to target them.
The company also said it has succeeded in closing off the unauthorised access and has informed the Information Commissioner's Office as well as the National Cyber Security Centre about the security incident.
“We take issues of security extremely seriously and continue to invest to further enhance our security environment. EasyJet is in the process of contacting the relevant customers directly and affected customers will be notified no later than the 26th of May,” it said.
In response to the class-action lawsuit filed against it, the airline said: “We are aware that a class action law firm has filed a claim against EasyJet in the High Court and that other firms are advertising their services to do the same. This is not uncommon and just because these firms are advertising does not mean they have a strong claim.”