If you were one of the many EasyJet customers who received an email from the airline disclosing that your personal information may have been accessed by hackers, you might be eligible for compensation.
Law firm PGMBM has issued a class action claim on behalf of airline travellers impacted by the data breach, which made the headlines last week when EasyJet shared details publicly – months after it first realised it had been hacked.
The law firm estimates that each affected person may be able to claim up to £2000 in compensation. As nine million EasyJet customers are thought to have had their data exposed by the security breach, the action has a potential liability of £18 billion.
And, according to PGMBM, you don’t have to provide any evidence that you have lost any money to claim compensation:
“Under Article 82 of the EU General Data Protection Regulation (EU-GDPR) you have a right to compensation for inconvenience, distress, annoyance and loss of control of your data.”
PGMBM is operating the claim on a “no win, no fee” basis, and affected members of the public aren’t putting themselves in any financial risk by participating in the group action. If the class action isn’t successful, PGMBM’s insurance will cover any of the costs. If the class action is successful, then PGMBM will collect 30% of claimants’ compensation.
Maybe they’ll invest some of that money into making slightly slicker videos.
PGMBM, formerly known as SPG Law, previously launched a £500 million group action against British Airways after it suffered a serious data breach that spilt 500,000 payment card details. The law firm currently represents around 6,000 people affected by the British Airways breach, and there’s still an opportunity until January 2021 for others to join the group action.
British Airways was subsequently hit with a record fine of £183 million by the Information Commissioner’s Office (ICO) .
More details of the EasyJet class action, and an FAQ, are available on a website set up for the group action: theeasyjetclaim.com.
There’s a part of me that isn’t a huge fan of law firms racing in hours after a data breach in announced, trying to make a pile of money. But there’s a larger part of me that really doesn’t like organisations having slack security and not properly protecting their customers’ personal data.
Ultimately if the fear of post-hack financial loss won’t make companies take data security more seriously, what will?
Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.