British airline EasyJet could be facing more woes after a huge class-action lawsuit was filed by a firm representing those affected by a major data breach.
The company disclosed on May 19 that their systems had been breached, with the personal data of nine million customers leaked online.
The suit was filed at the UK High Court by PGMBM, a law firm specialising in group legal action. The action is worth £18 billion and if successful, could result in each customer receiving a £2000 payout.
A team consisting of Queen’s Counsel as well as junior lawyers from Serle Court and 4 New Square chambers have been briefed on the case.
“This is a monumental data breach and a terrible failure of responsibility that has a serious impact on easyJet’s customers,” said Tom Goodhead, PGMBM managing partner.
While EasyJet disclosed the breach on May 19, it has since emerged that the incident took place in January, meaning that the company took four months to inform its customers about the tangible risk that they were being targeted by cyber criminals.
The data leaked includes names, email addresses, financial information of more than 2000 customers, and travel data such as dates, reference numbers and booking values. PGMBM claims that the exposure of travel information such as travel patterns poses a serious security risk to the affected individuals. The law firm has invited affected EasyJet customers, regardless of geographical location, to join the lawsuit on a no-win, no-pay basis.
However, it appears that EasyJet did inform the Information Commissioner’s Office (ICO) of the breach in good time. An ICO spokesperson has confirmed that an investigation into the breach is ongoing.