EasyJet announced in May 2020 that the personal data of nine million customers from around the world had been exposed in a data breach. The breach itself occurred in January 2020 and EasyJet did notify the UK Information Commissioner’s Office at that time, but did not tell its customers till April.
Details stolen in the breach include full names, email addresses and travel data with departure dates, arrival dates and booking dates.
Also 2,208 customers had their credit card details accessed after EasyJet was hacked.
A class action claim has been brought against EasyJet by law firm PGMBM.
PGMBM said that the exposure of details of individuals’ personal travel patterns may pose security risks to individuals and is a gross invasion of privacy. Also that under Article 82 of the EU General Data Protection Regulation (EU-GDPR), customers have a right to compensation for inconvenience, distress, annoyance and loss of control of their personal data.
For any Easyjet customers who wish to join the claim there is information available at www.theeasyjetclaim.com.
- Are EasyJet customers at risk?
EasyJet says that “there is no evidence that any personal information of any nature has been misused”.
“This was a highly sophisticated attacker. It took time to understand the scope of the attack and to identify who had been impacted. We could only inform people once the investigation had progressed enough that we were able to identify whether any individuals have been affected, then who had been impacted and what information had been accessed”.
“In April, we notified a small group of customers whose credit card details had been impacted and offered them support including a dedicated helpline and monitoring”.
“Passwords have not been impacted by this incident”.
Easyjet say that they have contacted all customers who have been impacted. If you have not heard from EasyJet directly, your information is not affected by the incident.
If you have any issues over this data breach, do let me know, by email.