How EasyJet customers could make money out of the airline being hacked

Lawyers are undoubtedly going to make some cash too.

Graham Cluley @gcluley

How EasyJet customers could make money out of the airine being hacked

If you were one of the many EasyJet customers who received an email from the airline disclosing that your personal information may have been accessed by hackers, you might be eligible for compensation.

Law firm PGMBM has issued a class action claim on behalf of airline travellers impacted by the data breach, which made the headlines last week when EasyJet shared details publicly – months after it first realised it had been hacked.

The law firm estimates that each affected person may be able to claim up to £2000 in compensation. As nine million EasyJet customers are thought to have had their data exposed by the security breach, the action has a potential liability of £18 billion.

Email Sign up to our newsletterSign up to Graham Cluley’s newsletter - "GCHQ"
Security news, advice, and tips.

And, according to PGMBM, you don’t have to provide any evidence that you have lost any money to claim compensation:

“Under Article 82 of the EU General Data Protection Regulation (EU-GDPR) you have a right to compensation for inconvenience, distress, annoyance and loss of control of your data.”

PGMBM is operating the claim on a “no win, no fee” basis, and affected members of the public aren’t putting themselves in any financial risk by participating in the group action. If the class action isn’t successful, PGMBM’s insurance will cover any of the costs. If the class action is successful, then PGMBM will collect 30% of claimants’ compensation.

Maybe they’ll invest some of that money into making slightly slicker videos.

EasyJet Data Breach Claim

PGMBM, formerly known as SPG Law, previously launched a £500 million group action against British Airways after it suffered a serious data breach that spilt 500,000 payment card details. The law firm currently represents around 6,000 people affected by the British Airways breach, and there’s still an opportunity until January 2021 for others to join the group action.

British Airways was subsequently hit with a record fine of £183 million by the Information Commissioner’s Office (ICO) .

More details of the EasyJet class action, and an FAQ, are available on a website set up for the group action: theeasyjetclaim.com.

There’s a part of me that isn’t a huge fan of law firms racing in hours after a data breach in announced, trying to make a pile of money. But there’s a larger part of me that really doesn’t like organisations having slack security and not properly protecting their customers’ personal data.

Ultimately if the fear of post-hack financial loss won’t make companies take data security more seriously, what will?

Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.

Graham Cluley Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, or drop him an email.

17 Replies to “How EasyJet customers could make money out of the airline being hacked”

  1. British Airways has yet to be fined by the ICO who have pushed back actually imposing the fine on multiple occasions now.

    1. Under section 82 my wife's was affected by this mrs Lynn lewington & had to change details we would like to be compensated

      1. I was one of those affected my wife suffers with anxiety and stress so you can imagine how she felt

        1. I would recommend all to read the information provided by PGMBM, if I have understood this information correctly:
          1. They acknowledge that the BA fine has not resulted in any payments to private individuals.
          2. Their "no win no fee" is slightly misleading, they state that they will probably take out insurance against the possibility of losing the case and having to pay costs to Easyjet, the premium cost will have to be paid by those signing up with PGMBM in the event costs are awarded to Easyjet.
          3. PGMBM are looking for payments from each individual in the event that the case is won of 30%, to cover their costs, and a further 30% as their fee.

  2. If it takes no-win, no-fee leeches to apply a heavy financial penalty, so be it.
    Corporations have to start taking our privacy seriously enough to protect our data

  3. Unfortunately these things happen. ‘Ambulance chaser’ type companies should put their efforts into finding and prosecuting the perpetrators rather than ‘kicking someone that’s already down’. During these unprecedented timed we should be working together to make life easier. If it is proven that individuals have lost finances as a result of this hack they are The ones due compensation-no one else.

    1. I disagree, companies now the regulation and the requirements and if they have a data breach they should be hit by fines and class action claims. I know of large companies that add GDPR fines in to their risk register and calculate their security response based on that fine; by bringing class action cases in to the mix this means they can no longer calculate the risk (based on money values only) and therefore do not mitigate by procuring cyber insurance or creating a GDPR pot.

      As for these unprecedented times, this data breach occurred in January before this all started so feel that the only people hit by this during the unprecedented times are 9 million people that are not risking credit fraud etc. Easyjet did not inform these people for 4 months, in breach of GDPR, and therefore deserve all the fines and class action claims that are coming to them.

      GDPR and security in general should be about protecting the individual and EasyJet have not done this, if it was a mistake the ICO will fine to suit and this will be the basis of any claim against them. But it is likely that even if the fine is small any claim will be successful as EasyJet have clearly not followed the regulations by trying to brush everything under the carpet for 4 months.

  4. Having received the email from EasyJet I’ve been one of the affected EasyJet customers.
    The email only suggests that my personal details have been taken and they believe my credit cards details were not accessed…guess what? A day after getting the EasyJet email my credit card details used for the EasyJet booking was stolen and used four times! I think their breach is bigger than they think! If you get get this email saying they don’t think your CC details have been accessed I’d assume they may have been!!!

    1. Hmmm, dubious, given that the data breach was in January and they have only just revealed the details and sent the emails out. Stolen details would have been used at the time of the breach before people were aware and blocked their credit cards

  5. Some law firms are totally unethical, and could even pay hackers to steal data in order to be able to take the companies to court

  6. What a World we live in…these parasitic lawyers only offer to get compensation as they make money from this.
    Ok yes companies should be held responsible but come on Easy Jet is an airline and a very efficient and successful airline. They are not specialist data protectors…go after the perpetrators of this crime not the airline…
    A sad World we live in if we only want compensation…!!!

  7. I'm curious, how will this company obtain the details of customers to enable them to pursue compensation?

  8. Sure! We would all like to receive payouts from this, but remember one thing.
    Easy jet gives us cheap flights to far off destinations…..which are a lot more expensive through the likes of KLM and BA….You can't expect this to be the case…"excuse the pun". If they are hit with a massive fine. Fares will go through the roof or they will go to the wall..!!

  9. If they were lax – not up to the industry-standard/expected level of protection (e.g. stupid passwords, unencrypted information) then fair enough (and I for one would be happy to accept compensation in air miles). But if this happened despite their best endeavours, surely they should be supported, not hit (beyond having had to "bolster" their systems). Too much hatred and scapegoating in these times – standard meat-machine ego/control assertion within chaos?

  10. I have received an email from Easyjet saying my flight and travel dates have been hacked, but not the Credit Card or a passport information! This now put my home as a prime target for Burglary. If we decide to travel it will be worrying whilst we are away!

    I think we should receive some form of compensation from Easyjet!

  11. In the US, such lawsuits are relatively common. They usually end in a negotiated settlement in which each plaintiff attorney receives a very large payment and each participating plaintiff receives a pittance. Over the years, I have received various small payments from such settlements, probably averaging less than $2, and sometimes in the form of discount coupons for a product for which I had no need or wish to purchase.

    The largest was in the Sony Playstation 3/Linux case in which my recollection is that the judge rejected a payment of about $30 because he thought it too small, and a payout of $50 – $60 was proposed. I completed the forms and submitted proof I had purchased a Playstation 3 and a copy of Yellow Dog Linux during the appropriate time period (and dusted off the Playstation and saw it actually boot and operate). I received, quite a few months later, a postcard that was a check for $10 and change.

    I consider these lawsuits to be distinguishable only with difficulty from organized criminal racketeering for which, in other contexts, we have laws that carry long prison sentences. It saddens me a bit to see we have exported them to other countries.

  12. Absolute disgrace if you sign up to this law suit, this would be the end of Easy Jet and cheap flights. I had the email saying my flight details had been hacked but not my credit card etc. So now the hackers know when 9 million of us are going away, or not as the case will most likely be! Do you really think they are planning 9 million burglaries? These hackers are capable of beating even the most robust data protection systems and more often than not, do it just to prove they can so we shouldn't be hounding Easy Jet for compensation they can ill afford to pay. Or maybe you can put the money you might receive down as a deposit for your next flight with whatever airlines might be left standing

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.