EasyJet has fallen victim to hackers. According to the airline, the personal details of nine million customers have been stolen and 2,208 customers have also had their credit card details accessed. And, while a spokesperson says there is no evidence that this information has been misused by criminals, we would urge victims of the EasyJet data breach to take urgent steps to protect themselves.
What do we know about the EasyJet data breach?
Highly sophisticated hackers have successfully carried out a cyber-attack on the discount airline. The information that has been breached includes the email addresses and travel details of nine million people and the financial details of over 2,200 customers.
We don’t yet know when the incident was identified and how long the violation lasted before it was stopped.
EasyJet has apologised for the breach and has attempted to reassure customers that it takes the safety and security of their information very seriously. The company has reported itself to the Information Commissioner’s Office (ICO) and National Cyber Security Centre.
Under current data protection legislation, EasyJet must inform everyone who is affected by this data breach and EasyJet should have notified everyone involved by no later than 26th of May. If you have been a customer of EasyJet, we advise you to check for this communication (and check your spam folder in case it has been directed there).
How can you keep safe following the EasyJet data breach?
In a statement, EasyJet says that it will provide protective steps to minimise any risk of potential phishing. In addition, our data protection lawyers recommend that EasyJet customers take the following measures:
- Contact your bank or credit card provider immediately if your financial data has been exposed
- Check all bills and emails for goods or services you have not ordered
- Check your bank account for unfamiliar transactions
- Alert your bank or credit card provider immediately if there is any suspicious activity
- Monitor your credit score for any unexpected dips
- Call Credit, Experian and Equifax to ensure credit isn’t taken out in your name
- Never provide your PIN or full password to anyone (even someone claiming to be from your bank)
- Never been pressured into moving money to another account for fraud reasons. A legitimate bank won’t ask you to do this.
- Never automatically click on any suspicious links or downloads in emails or texts
- Don’t assume an email or phone call is authentic just because someone has your details
- Be careful who you trust – criminals often use scare tactics to try and trick you into revealing your security details
- Know that, even if you recognise a name or number, it might not be genuine
- Don’t be rushed or pressured into making a decision. A trustworthy organisation would never force you to make a financial transaction on the spot
- Never provide your full password, pin or security code to someone over the phone (or via message). If a bank believes a transaction has been fraudulent, they will not ask for this information to cancel the transaction
- Listen to your instincts and ask questions if something feels “off”
- Refuse requests for personal or financial information and stop discussions if you are at all unsure
- Contact your bank or financial service provider on a number you know and trust to check if a communication is genuine
- Be cautious of unsolicited communications that refer you to a web page asking for personal data
- Don’t accept friend requests from people you don’t know on social media
- Review your online privacy settings.
- Register with the Cifas protective registration service to slow down credit applications made in your name
- Change your passwords regularly and use a different password for every account (a password manager can help with this)
- Protect your devices with up to date internet security software.
What will happen next?
The ICO – which is the UK’s data protection regulator – is investigating the breach. If EasyJet is found to have poor security processes, it will face a substantial fine. BA has been fined £183m by the ICO for a similar breach in 2018. However, even if the ICO fines EasyJet, none of this money will go to victims of the hack.
A data breach can result in both financial and/or identity theft. And the result of either of these can be devastating. With enough information, cybercriminals can apply for credit in your name, set up fraudulent bank accounts and access your existing accounts. Even an email address can be used to extract additional data and cause harm.
And the impact of data breaches goes much further than financial losses. Many victims go on to suffer from stress, anxiety and distress. Furthermore, the effects of a data hack might not be immediately apparent.
Join our EasyJet data breach group action
In addition to implementing the suggested security steps, if EasyJet has failed to uphold your data security rights, you should consider making a compensation claim.
At Keller Lenkner UK, our expert data breach lawyers are watching this case with interest, and, if it transpires that EasyJet has failed to protect its customers, we will launch a no-win, no-fee group litigation action.
Group actions can be a powerful tool and can have a bigger impact than a single claim.
To become part of our EasyJet group action, we need you to register with us. This guarantees that you will form part of the compensation claims that will be lodged by us. We will also keep you updated about developments in this case as they happen. There are no costs to register and no obligation to proceed.