26th May 2020
Law firm PGMBM has issued a £18bn "no-win-no-fee" class action claim in the High Court of London against EasyJet, on behalf of affected customers.
It was reported that EasyJet became aware of the cyber-attack in January 2020, with crooks gaining access to 9m customers' email and travel details, and more than 2,000 customers' payment card details.
The firm is seeking £2,000 compensation for any customers who wish to join this new claim. A potential liability for EasyJet of £18bn.
Advisors in this space have often commented on the potential of a new career for ambulance chasers, now that PPI has been largely milked dry.
GDPR article 82 provides data subjects with a right to compensation, stating "any person who has suffered material or non-material damage as a result of an infringement of this Regulation shall have the right to receive compensation from the controller or processor for the damage suffered."
Part of the challenge here is that there's not much consensus on what the price of "material or non-material damages" are yet.
The lawsuit is totally separate from any action that the Information Commissioner’s Office (ICO) may wish to take, which could be up to 4% of annual revenue (£6.4bn in 2019, so a maximum £255m fine). Although, we're still waiting for ICO's public announced (July 2019) intention to fine British Airways £183m to become more than an intention.
The company will also have to consider reputation damaged caused by losing customers data, on top of all the Covid woes that aren't flying away anytime soon.
Got a comment or request?
Need help with data protection or information security?
Contact us for advice, assurance, audit, training, vDPO, vCISO, outsourced partnership.
+44 (0) 208 133 0242