A British law firm has filed a group litigation order lawsuit against EasyJet, the largest airline in the U.K., after hackers accessed the personal data of around nine million individuals. The lawsuit seeks $22 billion.
On May 19, 2020, EasyJet announced the data breach, which involved the travel information of as many as nine million individuals and the credit card information of more than 2,000. The BBC reported that EasyJet knew of the cyberattack in January 2020.
The European Union's General Data Protection Regulation (GDPR) requires organizations to report data breaches of personal information within 72 hours in certain circumstances. The U.K. Information Commissioner's Office is investigating the data breach.
Some customers have reported receiving phishing messages spoofing EasyJet. However, there is no proof that customer data compromised in the attack has been used for fraud.
British Airways was fined $229.2 million for violating the GDPR after hackers stole the personal information of around 500,000 customers in 2018. Jeff Stone "Lawsuit seeking billions in damages filed against EasyJet" cyberscoop.com (May 27, 2020).