Easyjet faces ‘class action’ in the UK following a data breach

UK law firm PGMBM has issued a claim in the High Court in London against EasyJet, which on 19 May announced that sensitive personal data of 9 million travellers had been exposed in a data breach.

PGMBM says that despite notifying the UK’s Information Commissioner’s Office of the breach in January 2020, EasyJet waited four months to notify its customers.

PGMBM believes individuals may receive up to £2,000 or more in certain cases, and will take up to 30% of the damages paid in this “no-win no-fee” case.

The law firm is seeking a "Group Litigation Order", which requires an opt-in from the individuals affected. The law firm will then combine the claims together for a single group action. PGMBM hopes that thousands or millions of individuals affected by the breach will join the action.

Easyjet has said that the breach was due to a “highly sophisticated cyber-attack”. The data that has been breached includes credit card details and travel details, email addresses etc.

See PGMBM - Easyjet Data Breach Compensation, with FAQs