Easyjet is bracing itself against an £18 billion group class action that has been filed against it by customers impacted by the recent large-scale data breach.
International law firm PGMBM said it has issued a class action claim in the High Court of London with a potential liability of £18 billion, calculations reveal customers may be entitled to compensation of around £2,000 each.
The move follows the budget airline’s announcement it had been the subject of a “highly sophisticated cyber-attack” on May 19 in which the email addresses and travel details of around nine million customers were accessed as well as the credit card details of 2,208 customers.
PGMBM said that although the airline had announced the breach on May 19, it actually occurred four months earlier, in January, and said easyJet had failed to notify its customers until now.
PGMBM said it was taking the action under Article 82 of the EU General Data Protection Regulation (EU-GDPR), which gives customers the right to compensation for inconvenience, distress, annoyance, and loss of control of their personal data.
The firm is seeking a group litigation order and urging all those affected to come forward and join the claim for compensation. Managing partner Tom Goodhead said: “This is a monumental data breach and a terrible failure of responsibility that has a serious impact on easyJet’s customers.
“This is personal information that we trust companies with, and customers rightly expect that every effort is made to protect their privacy. Unfortunately, EasyJet has leaked sensitive personal information of nine million customers from all around the world.”