In May 2020 hackers obtained the personal details of 9 million Easyjet customers and the credit card details of a further 2,000+.

Sabrina Goran (sabrina.goran@irwinmitchell.com) comments on a potential group claim against the airline.

A cyber-attack on EasyJet earlier this year has resulted in the exposure of the email addresses and flight details of nine million of its customers, and the credit card details of 2,208 of those customers. EasyJet reportedly notified affected customers by email in May. 

The ICO has confirmed it is investigating the breach. The maximum fine the ICO could issue in respect of a serious data breach is €20,000,000 or 4% of the global annual turnover. 

The General Data Protection Regulation (GDPR), allows individuals to bring claims for damages for distress in respect of data breaches such as this. Individuals are not required to have suffered any direct financial loss in order to receive compensation in respect of a data breach. Law firm PGMBM has confirmed it has issued a claim form on behalf of the impacted customers and is seeking to recover up to £2,000 per impacted customer.