
Nine million EasyJet customer details lost in data breach

In May 2020 hackers obtained the personal details of 9 million Easyjet customers and the credit card details of a further 2,000+.
15.06.2020
Sabrina Goran (sabrina.goran@irwinmitchell.com) comments on a potential group claim against the airline.
A cyber-attack on EasyJet earlier this year has resulted in the exposure of the email addresses and flight details of nine million of its customers, and the credit card details of 2,208 of those customers. EasyJet reportedly notified affected customers by email in May.
The ICO has confirmed it is investigating the breach. The maximum fine the ICO could issue in respect of a serious data breach is €20,000,000 or 4% of the global annual turnover.
The General Data Protection Regulation (GDPR), allows individuals to bring claims for damages for distress in respect of data breaches such as this. Individuals are not required to have suffered any direct financial loss in order to receive compensation in respect of a data breach. Law firm PGMBM has confirmed it has issued a claim form on behalf of the impacted customers and is seeking to recover up to £2,000 per impacted customer.
https://www.cityam.com/easyjet-woes-grow-after-it-is-hit-with-massive-group-action-claim-over-data-breach/
Key Contacts

Related Articles
Expert CommentConsumer Duty moves from supervision to enforcementNew publication provides insight on Consumer Duty
Expert CommentIndependent Football Regulator final rules: A practical perspective for clubsThe publication of the Independent Football Regulator (IFR) final rules and guidance on 1 July 2026 mark an important milestone in the implementation of the Football Governance Act 2025.
Expert CommentFCA consultation on penalty decision-making: practical implications for firmsOn 15 June 2026, the Financial Conduct Authority (“FCA”) published a new consultation (“the Consultation”) proposing targeted reforms to how financial penalties are assessed and applied in enforcement cases when the FCA has concluded that its rules have been broken by regulated firms or individuals .


