EasyJet is facing a legal claim brought by thousands of its customers after the airline last month said the personal details of about 9m passengers were breached by a cyber attack.
About 10,000 customers have joined the case, making it one of the UK’s biggest group-action personal data claims, according to lawyers.
It comes after the low-cost airline said it had been targeted in a cyber attack undertaken by a "highly sophisticated" actor, with the email addresses and travel details of about 9m customers breached. Its investigation also found that about 2,200 passengers had their credit card details stolen.
Law firm PGMBM is leading the case against easyJet after filing papers in May. On Wednesday, it said 10,000 customers from more than 50 countries had joined the claim.
Tom Goodhead, PGMBM managing partner, said: "This is a monumental data breach and a terrible failure of responsibility that has a serious impact on easyJet’s customers, who are coming forward in their thousands."
EasyJet said: "We are aware that a class-action law firm has filed a claim against easyJet in the High Court and that other firms are advertising their services to do the same. This is not uncommon and just because these firms are advertising does not mean they have a strong claim."
Group claims have become increasingly popular in the UK due to the presence of litigation funders — groups who shoulder the financial risk of litigation in return for a slice of the upside — and changes to the regime making it easier to sign up claimants.
Large recent data claims include a group of 9,000 workers at Wm Morrison, which sued the supermarket chain over a data breach that affected about 100,000 staff. The claim was defeated in April after the Supreme Court ruled in favour of Morrisons.
Several thousand customers of airline British Airways are also bringing a claim against the company over a hack in 2018 that put 500,000 customers’ data at risk. They were granted a group litigation order last year and are seeking to sign up more claimants.
The scale of easyJet’s breach pales in comparison with some of the world’s biggest cyber attacks, which include hotel chain Marriott’s 500m customer breach, disclosed in 2018.
Industry experts say easyJet could face fines running into tens of millions of pounds for breaching the General Data Protection Regulation.
It comes at a difficult time for easyJet. The low-cost carrier last month announced plans to cut up to 30 per cent of its 15,000-strong workforce as it became the latest airline to warn that the aviation industry faces a slow recovery from the upheaval wrought by the coronavirus pandemic.
It is also in the middle of a battle with its founder and biggest shareholder Stelios Haji-Ioannou over a multibillion-pound order for 107 Airbus aircraft. He recently failed in his attempt to remove four directors over the spat.
(Published by Financial Times, June 24, 2020)