Close this search box.

EasyJet customers are still fighting for justice. It’s not too late to join them!

Back in 2020, over nine million EasyJet customers had their personal information hacked. The huge breach is one of the UK’s biggest ever data privacy failures. Despite the magnitude of the attack, the UK’s data protection authority has ceased its investigation into the incident. As a result, EasyJet avoids facing any financial penalties for its failure to safeguard customer data.

What happened in the EasyJet data breach?

The personal details of nine million EasyJet customers, along with the financial data of over 2,000, was accessed in a sophisticated cyber-attack. Those impacted had booked flights between 17th October 2019 and 4th March 2020.

Despite the airline’s assurances that no evidence of financial harm surfaced, Action Fraud confirmed numerous reports linked to the EasyJet data breach. Disturbingly, some victims fell prey to identity theft and fake ticket fraud. One individual suffered a loss of £2,750 in the aftermath of the cyber-attack.

Even in cases where there are no financial losses, the emotional toll of such violations can be severe. Recognising this, the law acknowledges the profound impact a breach can have on mental well-being, permitting individuals to seek compensation for any resulting psychological anguish.

Why isn’t EasyJet being fined for the data breach?

In August 2023, the Information Commissioner’s Office (ICO) terminated its investigation into the EasyJet data breach. The ICO is the UK’s data protection regulator. Following serious breaches of the UK’s data protection laws, it has the power to issue fines of up to £17.5 million or 4% of an organisation’s annual worldwide turnover, whichever is higher. For example, following a data breach at British Airways, the airline was eventually fined £20 million by the ICO in 2020. In this case hackers harvested the data of almost 400,000 customers.

Despite the scale of the EasyJet hack, the ICO has dropped its investigation into the matter blaming “limited legal and investigative resources”. Worryingly, the decision appears to be based on how overloaded the regulator is, rather than the merits of the case. According to data breach solicitors KP Law “We should all be incredibly concerned if the ICO is so under-resourced that it cannot hold big companies to account for their serious data protection failings.”

So, has EasyJet got away with it?

Not quite. Following large scale data breaches there are two ways to hold companies to account:

  • Make a report to the ICO. The ICO will decide whether or not to investigate the breach, and has the power to fine companies if poor security measures made the hack possible.
  • Make a data breach claim. Even if the ICO does issue a fine, this money does not go to victims of the breach. The only way people can force a company to pay compensation for its failure to protect their data rights is to take legal action.

Making an EasyJet data breach claim is easy

If you booked flights with EasyJet from 17 October 2019 to 4 March 2020 and have been notified that your data was involved in the breach, you could have a NO-WIN, NO- FEE compensation claim.

Our simple eligibility checker provides instant clarity. Answer a few straightforward questions, and you’ll know if you could qualify for an EasyJet data breach group action claim.

Stay informed about compensation YOU could be entitled to!

Subscribe to our newsletter and get breaking news on the latest consumer injustices and group claims.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may also like:

In January 2024, the High Court ruled that drivers could sue BMW for fitting some diesel vehicles with devices that tricked emissions tests. The illegal devices made it seem like BMW’s diesel cars were less-polluting than they actually were.
The Equal Pay Act protects employees from unfair discrimination in the workplace. The law states that both men and women should be paid equally where they are doing the same job (or one of equal value). This means companies can't treat you differently based on your gender when it comes to pay.
After a cyberattack in March 2023, pension holders across the UK had their data stolen. In the wake of this breach, law firms are rallying to help those affected. Their mission: to pursue justice and secure compensation for victims of the Capita data breach.