A specialist in group litigation has filed a potential £18bn class action claim against easyJet in London’s High Court, following the firm’s major data breach disclosure last week.
International law firm PGMBM said it had been contacted by “numerous affected people” and is urging more to come forward to join the case, which would pay out £2000 per impacted customer.
It clarified that Article 82 of EU General Data Protection Regulation (GDPR) grants customers the right to compensation for inconvenience, distress, annoyance and loss of control of their personal data.
The Luton-headquartered airline revealed last week that a “highly sophisticated” attack on its IT infrastructure had compromised email addresses and travel details of nine million passengers, as well as the credit card details of just over 2200.
Despite claiming that it had no evidence that any of the stolen info had been misused, the airline warned those affected about follow-on phishing attacks.
Although it notified UK regulator the Information Commissioner’s Office (ICO) back in January, at around the time of the incident, it took several months for the firm to come clean to customers.
PGMBM has also claimed that the exposure of customers’ travel plans could pose security risks to those individuals, as well as being a gross invasion of privacy.
“This is a monumental data breach and a terrible failure of responsibility that has a serious impact on easyJet’s customers,” argued managing partner, Tom Goodhead.
“This is personal information that we trust companies with, and customers rightly expect that every effort is made to protect their privacy. Unfortunately, easyJet has leaked sensitive personal information of nine million customers from all around of the world.”
The case highlights the potentially serious financial repercussions of a major data breach, on top of the large fines GDPR regulators can theoretically impose.
The ICO has come in for some criticism recently after reports emerged that it may be considering a significantly lower fine than the £183.4m figure posted in a notice of intent last summer, in response to a major breach at British Airways.