UK budget carrier easyJet is facing a £18bn class action lawsuit brought on behalf of customers affected by a data breach recently revealed.
Made public on May 19, easyJet said details belonging to nine million customers, including more than 2,200 credit card records, might have been exposed in a cyberattack.
As well as email addresses and travel data, the “highly advanced” intruder to blame for the security incident managed to access this financial information. EasyJet is also contacting travelers who have been affected.
The carrier did not clarify whether or exactly when the data breach happened, in addition to “locked off” “unauthorized entry.”
The National Cyber Security Center (NCSC) and the United Kingdom Information Commissioner ‘s Office (ICO) have been notified, the latter having the power to impose heavy GDPR fines if an investigation finds that the carrier has been lax in data protection and security.
Last year, British Airways received an ICO-filed “notice of intent” to fine the carrier £183.4 million for failing to safeguard the data of 500,000 customers in a data breach during 2018.
However, easyJet has a more immediate legal concern due to PGMBM, a law firm that has issued a class-action claim with a potential liability of £ 18 billion, or up to £ 2,000 per client that has been affected.
The case was brought on behalf of consumers in London’s High Court. According to the company, the data breach by easyJet happened in January 2020, and although the ICO was reportedly alerted at this time, consumers were not informed until four months later.
“The confidential sensitive data leaked contains full names , email addresses and travel details including departure dates, arrival dates and booking information,” says PGMBM. “In particular, revealing the information of personal travel patterns of individuals can pose security risks to individuals, and is a gross privacy invasion.”
The class action case is based on GDPR legislation that allows users the right to seek redress if their information in security incidents is breached.
Tom Goodhead, PGMBM Managing Partner, said the “monumental” data breach is a “terrible liability failure which has a severe effect on customers of easyJet.”
EasyJet said the firm “will not comment on the matter.”
In this month’s related news, Verizon ‘s latest Data Breach Investigation Report shows how a prevalent factor in data breaches, cloud-based databases and buckets misconfiguration, continues to be a issue that makes the size more noticeable due to increased coverage.
In addition, Verizon says configuration errors are now a growing phenomenon in data breaches, along with forms of malware including scrapers, the use of stolen credentials and phishing.