Menu Close

£18bn lawsuit for EasyJet in UK High Court after huge passenger data breach

Share This Post

Share on facebook
Share on linkedin
Share on twitter
Share on email

A class action claim has now begun in the High Court against EasyJet, because of a data breach that compromised the details over circa 9 million airline passengers. Customers could benefit by £2,000 each if the claim is successful.

This action – brought by law firm PGMBM could result in potential liability, therefore, of £18 billion.

EasyJet revealed mid-May that personal data of 9 million customers globally had been exposed due to the data breach. This breach happened in Jan. 2020, but it is noted that despite an alert to the UK’s Information Commissioner’s Office at that time, EasyJet waited 4 months to inform passengers.

Article 82

The details disclosed by the breach included full names, email addresses & travel data that included departure dates, arrival dates & booking dates.

PGMBM commented that the revelation of details of individuals’ personal travel could produce security problems to people & is a huge invasion of privacy.

Also, under Article 82 of the EU General Data Protection Regulation (EU-GDPR), passengers have the right to compensation for ‘inconvenience, distress, annoyance & loss of control’ of their personal data.


The law practice made the claim after being contacted by many affected people after the data breach became public.

PGMBM has instructed a team of QCs & Junior Barristers from Serle Court & 4 New Square Chambers.

Tom Goodhead, PGMBM Managing Partner, observed that the breach was a “terrible failure of responsibility that has a serious impact on easyJet’s customers.”


“This is personal information that we trust companies with, and customers rightly expect that every effort is made to protect their privacy. Unfortunately, easyJet has leaked sensitive personal information of nine million customers from all around of the world,” he commented.

Paul Cahill, Data Breach Solicitor at Fletchers Data Claims explained that the Information Commissioner’s Office (ICO) has the ability to impose a big fine for this sort of breach.

“However, the ICO cannot award compensation to victims of a data breach – which means that people who are affected must find alternative ways to seek compensation,” he further observed.

“The EasyJet breach means that more than 2,000 customers are now unsure who has their credit card details and what action might be taken with that information.”

Security Systems

Partner & Head of Mishon de Reya Cyber, Joe Hancock, added that he believes that the fact that only limited credit card details were taken shows that EasyJet’s security systems were largely effective.

“This may indicate that the attackers were also limited by what they could collect as the number of booking have plummeted in light of the Covid-19 pandemic,” he suggested.

EasyJet customers have the ability to join the claim at on a ‘no-win, no-fee basis.’ PGMBM has added that if it is successful in recovering compensation for claimants, they will ‘only’ charge a maximum of 30% of damages awarded.


No doubt, many airlines, other large businesses & cyber professionals will be closely following the outcome of this case, as the financial consequences are potentially so enormous that in this most financially challenging year in business imaginable, it could be a recipe for potential insolvencies.

Virtual Conferences


More To Explore

Community Area


Home Workouts


spaghetti Bolognese