British budget airline easyJet is facing a $22 billion class action lawsuit over a recent high-profile data breach, Computer Weekly has reported.
According to the report, law firm PGMBM, which specialises in group legal action, is suing the airline on behalf of the nine million customers affected by the incident.
The firm has demanded each affected customer is paid approximately $2400 and has invited all easyJet customers to join the lawsuit, on a no-win, no-fee basis.
“This is a monumental data breach and a terrible failure of responsibility that has a serious impact on easyJet’s customers,” said Tom Goodhead, Managing Partner at PGMBM.
“This is personal information that we trust companies with, and customers rightly expect that every effort is made to protect their privacy. Unfortunately, easyJet has leaked sensitive personal information of nine million customers from all around the world.”
The leak, which allegedly occurred in January but was disclosed to the public only recently, included names, email addresses and travel data (departure and arrival dates, reference numbers and booking values). The ICO was reportedly notified on time, but the company was slow to report the incident to its customers.
In a response to the news, the ICO determined easyJet should have taken steps to better protect its customers.
“People have the right to expect that organisations will handle their personal information securely and responsibly. When that doesn’t happen, we will investigate and take robust action where necessary,” said the watchdog.
“Anyone affected by data breaches needs to be particularly vigilant to possible phishing attacks and scam messages. We have published advice on our website about how to spot potential phishing emails,” it added.
Despite the transgression, David Halliday, Partner at law firm Baker McKenzie, believes the ICO will deliver a lenient penalty, given the damage caused to the aviation industry by the ongoing pandemic.
“The ICO has indicated that it intends to take a pragmatic and proportionate approach during the current crisis and has suggested that before issuing fines, it will take into account the economic impact and affordability of the proposed fine, and that in current circumstances this is likely to mean the level of fines reduces,” he said.
“Clearly the airline industry has been particularly seriously affected by the pandemic, so it will be interesting to see what effect, if any, this has on the ICO’s response.”