, , ,

Hold EasyJet to account, even if you haven’t lost any money

At Hayes Connor Solicitors, we have received hundreds of enquiries from people who have had their right to data privacy destroyed in the EasyJet data breach. In some cases, victims of this breach believe that they are not entitled to compensation. Usually because they have read reports like this one in the media.

But, while this reporter states that: “Generally, victims of a cyber-attack are only entitled to be reimbursed for any financial losses they suffer as a result of their card being compromised”, this is not true.

The theft and/or use of your personal data without your consent can cause distress, embarrassment and violation.  And you have a legal right to hold the guilty party to account.

Here’s what you need to know about claiming for emotional distress and breach of privacy caused by the EasyJet data hack.

Claiming for emotional distress following the EasyJet data breach

A personal data breach is a 21st-century version of being burgled. If a criminal came into your home and stole your private information, you would be distressed. So it’s understandable that people feel upset at having their personal online data taken. Especially if EasyJet effectively gave the thief the keys.

And the effects can be very real. For some people, a data breach can cause a lack of sleep, feeling ill, unsettled or confused. Stress can also affect your friends, your family and your job. We’ve seen cases where experiencing a data breach has resulted in adverse life events such as having to move to a new house or area, losing a job, relationship stress and separation, and dislocation from friends and family. All of which can lead to a diagnosable psychological injury.

What’s more, living with the threat of “what if” after a data breach can develop/ exacerbate mental health conditions. Victims of the EasyJet all now face living with heightened concern about their personal data being used for online scams, fraud and phishing attempts. And, at a time when the coronavirus pandemic is already having an impact on mental health, this additional worry is proving devastating for some.

So, while some people might believe that claiming for emotional distress is an over-reaction, this is not true. Thankfully, over the last few years, people are waking up to the reality of mental health and there is a greater awareness about the lasting effects of psychological suffering and anguish.

Claiming for breach of privacy following the EasyJet data breach

As data breaches continue to rise, we must hold organisations to account for their violations of trust when it comes to your valuable information. Indeed, while cybercriminals often target organisations to steal their data, in most cases the hackers are only successful because nobody put a “lock on the door”.

But just because EasyJet didn’t prioritise data security doesn’t mean you shouldn’t.

Data breach and cybercrime claims are not frivolous. As we have discussed, the emotional impact can be devastating, even without losing any money. But even if a privacy violation doesn’t cause you damage or distress, that doesn’t mean you shouldn’t do anything about it. Your data has value and organisations are legally obliged to look after it.

Something has to be done to make companies accountable for their data protection failures. And, in many cases, taking action against these organisations is the only way to make them improve their security processes.

As such, if EasyJet failed to protect your personal data, you have a right to claim compensation. Even if you haven’t suffered as a result.

Has EasyJet failed to look after your data?

At Hayes Connor, we are now registering victims of this breach to a no-win, no-fee group litigation action against the airline. Group actions can be a powerful tool and can have a bigger impact than a single claim.

FIND OUT MORE ABOUT OUR EASYJET DATA BREACH GROUP ACTION

To become part of our EasyJet group action, we need you to register with us. This guarantees that you will form part of the compensation claims that will be lodged by us. We will also keep you updated about developments in this case as they happen.

There are no costs to register and no obligation to proceed.

REGISTER NOW


, , , ,

EasyJet data breach victims reporting financial losses

According to Action Fraud – the UK’s national reporting centre for fraud and cybercrime  as of last month there were 51 reports in relation to the EasyJet data breach, with a total of  £11,752.81 in stated lossesOne customer lost £2,750 following the cyberattack.  

That’s despite the airline claiming that there was no evidence of any financial damage caused by the incident. The Action Fraud stats were shared recently.   

Action Fraud has warned those involved in the EasyJet data breach to be vigilant 

Action Fraud has provided advice and guidance if you think you have been affected. A statement on its website says:  

Action Fraud has been made aware by the National Cyber Security Centre of the cyber breach affecting EasyJet customers. We’re currently monitoring our system for EasyJet related reports to see if there has been a significant increase.

At this time we’re advising the public that if they think they’ve been a victim of fraud as a result of a data breach, to report it Action Fraud via the online reporting tool or by calling 0300 123 2040.

Here is what to do if you think you have been affected:

    • Phishing – Criminals may use your personal details to target you with convincing emails, texts and calls. Be suspicious of unsolicited requests for your personal or financial details. If you receive an email which you’re not quite sure about, forward it to the Suspicious Email Reporting Service (SERS): report@phishing.gov.uk.
    • Financial details – If your financial data was compromised, be vigilant against any unusual activity in your bank accounts or suspicious phone calls and emails asking for further information. If you notice any unauthorised transactions, notify your bank or card company.  
    • Passwords –Customers should ensure their passwords are secure. If you have been affected, you may want to consider changing passwords for key accounts such as banking. See Cyber Aware’s advice on creating a good password that you can remember, or read the NCSC’s blog post for help on using a password manager.
    • Report - If you think you have been a victim of fraud or cybercrime, report it to us. 

Our data protection solicitors are also warning people about the risks, with advice on what to do to protect yourself. You can read our guidance here 

Crucially, the effects of a data hack might not be immediately apparent, as stolen data is often used in batches over time. So, even if you have not yet suffered a loss, this doesn’t mean you are safe. You must take steps to protect yourself if you were involved in the EasyJet data breach.  

Make an EasyJet compensation claim

In addition to implementing the suggested security steps, if EasyJet has failed to uphold your data security rights, you should also consider making a compensation claim. 

At Hayes Connor Solicitors, we are watching this case with interest, and, if it transpires that EasyJet has failed to protect its customers, we will launch a no-win, no-fee group litigation action. Group actions can be a powerful tool and can have a bigger impact than a single claim.

We have already been contacted by people concerned that their data has been breached by EasyJetmanywho are understandably upset and anxious about the breach.

To become part of our EasyJet group action, we need you to register with us. This guarantees that you will form part of the compensation claims that will be lodged by us. We will also keep you updated about developments in this case as they happen. 

If you were a part of this breach you should have been contacted by EasyJet by 26th May 2020.Everyone who received this confirmation can make a data breach claim with Hayes Connor Solicitors.

There are no costs to register and no obligation to proceed. 

REGISTER NOW

, , ,

What evidence do you need to join our EasyJet breach group action?

By now, EasyJet should have contacted everyone involved in its data breach to let them know. Certainly, at Hayes Connor, we have been inundated with queries from victims of the EasyJet breach, many of whom are understandably upset and anxious. On another page, we have attempted to answer some of the most frequently asked questions we have received so far. Here, we provide more guidance on the evidence we’ll ask you to provide if you join our claim.

1. Confirmation that you were involved in the EasyJet data breach

When you register to join our group action, one of the first things we’ll ask, is whether you have received notification from EasyJet that your details have been breached. Everyone who had their financial information hacked was informed in early April. And, by now, the nine million people who had their travel data compromised (this includes your name, email address, origin airport, destination, and departure date), should also have been informed.

If EasyJet hasn’t been in touch, it is unlikely that you were involved in this breach. However, if you booked a flight with EasyJet from 17 October 2019 to 4 March 2020, you should check your spam folder just in case.

We will require this confirmation to add you to our data breach group action.

2. Details of any phishing attacks or scams you might have experienced that you believe are linked to the data breach

Phishing criminals and other scammers could target victims of the EasyJet breach. Phishing occurs when a cybercriminal poses as a legitimate organisation, the police, or someone else you trust to trick you into handing over sensitive information such as usernames, passwords, financial data, etc.

Because of COVID-19, there is heightened concern about the personal data in this hack being used for online scams. And cybercriminals will likely try to take advantage of people who are cancelling flights because of the pandemic.

If you experience any phishing or other scam attempts that you believe are linked to this data breach, please make a note of these and keep any evidence. If you decide to make a data breach claim, we can use this to support your case. In particular, let us know of any fraudulent communications purporting to come from easyJet or easyJet Holidays.

However, you do not need this to join our EasyJet data breach group action.

3. Details of any money lost because of the EasyJet breach

Over 2,200 customers had their credit card details stolen in the EasyJet data hack. Some of these people may have had their card information used fraudulently. Even if your financial data wasn’t included in the breach, you could still have suffered a loss if a phishing scammer was able to use your personal data against you.

If you experience any financial loss because of this data breach, please make a note of this and keep any evidence (e.g. bank statements, correspondence, etc.). However, contrary to what we have seen reported in the media, you do not need to have lost money to make a data breach claim.

4. Details of any mental health conditions caused or made worse because of the EasyJet data breach

The impact of data breaches goes much further than financial losses. Many victims go on to suffer from stress, anxiety and distress. Following a robbery, people often feel shock, anger, fear, helplessness and panic. A personal data breach is a 21st-century version of being burgled.

If you experience emotional distress because of this data breach, please make a note of this and keep any evidence (e.g. details about medical appointments/prescriptions that relate to this data breach).

5. Details of any expenses or inconvenience incurred

Following a data breach, people often have to spend a significant amount of time on the phone to their bank. Or to the credit reference agencies to rectify any dips. Sometimes, there are travel costs and medical expenses required. And it might be possible to add these to your claim.

It is not unusual that – on reviewing a data breach impact form – we uncover information that allows us to increase the value of a claim significantly. What might seem irrelevant to you, could make a huge difference in the eyes of the law. So, please keep a hold of anything that might be useful just in case.


Join our EasyJet breach group action

We are now registering victims of this breach to a no-win, no-fee group litigation action against the airline. Group actions can be a powerful tool and can have a bigger impact than a single claim.

EasyJet took four months to warn customers that hackers had their personal information. So, you might have already experienced phishing attempts and financial losses because of the breach. Even if you didn’t know that was the reason before now. If this has happened to you, we encourage you to let us know. However, the full impact of a data breach is often not felt until months after the initial violation, so once you join our group action, we will give you plenty of opportunities to update us should your situation worsen.

To become part of our EasyJet breach action, we need you to register with us. This guarantees that you will form part of the compensation claims that will be lodged by us. We will also keep you updated about developments in this case as they happen.

There are no costs to register and no obligation to proceed.

REGISTER NOW


, ,

5 questions to ask when choosing an EasyJet data breach lawyer

At Hayes Connor Solicitors, we have launched a no-win, no-fee group litigation action against the airline. Group actions can be a powerful tool and can have a bigger impact than a single claim. But we understand that choosing a solicitor can be daunting. How do you know if they are the right firm for you, and, can you be sure that you won’t have to pay any unforeseen costs? To make the process a little bit easier, here are just some of the questions you should ask when choosing an EasyJet data breach lawyer.

Is you firm a data breach expert?

The best way to make EasyJet pay for its failure to look after your data is to use a specialist data breach lawyer.

A dedicated data breach law firm will employ specialists in data breach law. So they will understand what it takes to make a successful data breach claim. Some firms are keen to take on data breach cases, but they are not experts in this field. Even “litigation specialists” may not have significant data breach experience.

But, if you use a firm that only deals with data breach law, all its resources will go towards enhancing this area of expertise. And, every single person who works there – from the individual who first picks up your call to the managing director – will have data breach experience.  This can be invaluable in getting you the compensation you deserve.

Hayes Connor is the leading data breach law firm in the UK.

How much will it cost to make a claim with your EasyJet data breach lawyers?

Many firms will offer their services on a no-win, no-fee basis. In such cases, if you don’t win, you don’t have to pay a penny.

But it’s also worth looking at what you will be charged if you win. Because if your claim is successful, you will have to contribute towards your EasyJet data breach lawyer’s costs. This ‘success fee’ is taken from the compensation awarded to you, and in some cases, it can be much higher than you expected. We’ve seen some solicitors charge 30% or more.

At Hayes Connor, we believe that our success fee is one of the most competitive around, and with us, you never have to pay more than 25% of your compensation.

There are no other hidden fees or admin charges.

Have you any experience managing data breach group actions?

We believe that a group action is the best way to claim EasyJet compensation. This is because a group action allows people to bring their claims together to strengthen their overall position and increase their chances of success.

There are a number of UK firms that have knowledge of multi-party litigation, but it’s worth checking to see if they have managed multiple data breach group actions. Because, when it comes to winning cases, understanding the law is only half the battle. You also need experience.

At Hayes Connor, we are currently managing a number of large data breach group actions. You can find out more about these here.  Currently, we are taking on big players such as Ticketmaster, Dixons, BA and Equifax (among others!).  In fact, in 2019 we were the only UK legal firm to launch a multi-party action against Ticketmaster and we issued a landmark £100 million data breach claim against Equifax.

And, in addition to our own legal expertise, we also work with expert barristers to help us win our group action cases. So, we are confident that our team will get the results you deserve.

How long have you been doing this for?

Data breach and cybercrime breaches are a relatively new and evolving area of law, so it can be difficult to find specialist EasyJet data breach lawyers.

But, over the past few years, our firm has established itself as the only niche provider of legal services in this area. And, because we have been doing this for longer than most, we lead our field when it comes to understanding the complexities involved.

Before that, we worked on different types of compensation claims. And, with over 50 years’ experience helping our clients secure the justice they deserve, our solicitors work tirelessly to ensure the best possible outcome for you.

Because of the level of our legal expertise, we provide an authoritative voice on data protection and cybercrime hot topics. Check out our latest media coverage here.

What is your success rate like?

When appointing EasyJet lawyers, you should ensure that they have a record of success when it comes to winning data breach cases. Last year at Hayes Connor:

  • 75% of our claims were concluded in under 9 months
  • We secured the largest amount of compensation for an individual claimant. In this case the client was awarded £100,000
  • We saw the average amount recovered for clients increase by over 25%. We are anticipating further growth in 2020.

Contact our EasyJet data breach lawyers and find out how we can help you

At Hayes Connor, we have been contacted by hundreds of people concerned that EasyJet has breached their data; many of whom are understandably upset and anxious. In response, we are registering victims of this breach to a no-win, no-fee group litigation action against the airline.

The law understands the damage that can be caused by worry and upset. So today, you can make a compensation claim if you have struggled emotionally following a data breach, even if you have not experienced any financial loss.

FIND OUT MORE ABOUT OUR EASYJET DATA BREACH GROUP ACTION

To become part of our EasyJet group action, we need you to register with us. This guarantees that you will form part of the compensation claims that will be lodged by us. We will also keep you updated about developments in this case as they happen.

There are no costs to register and no obligation to proceed.

REGISTER NOW


, , , ,

Where to get help following the EasyJet data hack

Following a data breach at budget airline EasyJet, the personal details of nine million people have been accessed and 2,208 individuals have also had their credit card details stolen. Since the EasyJet data hack, Hayes Connor has been contacted by many customers, many of whom are upset and anxious about the breach.

The emotional impact of a data breach can be significant

The impact of data breaches goes much further than financial losses. Many victims experience stress, anxiety and distress. Following a robbery, people often feel shock, anger, fear, helplessness and panic, and a personal data breach is a 21st-century version of being burgled.

Furthermore, the psychological effects of a data hack might not be immediately apparent. Knowing that your information has been “burgled”, living with the increased risk and the extra vigilance needed can all cause distress to victims over time.

Thankfully, over the last few years, people are waking up to the reality of mental health and there is a greater awareness about the lasting effects of physiological suffering and anguish. However, following the EasyJet data breach, victims must keep an eye on their emotional wellbeing to ensure that their mental health doesn’t suffer.

To help, our data protection solicitors have listed some helpful links to ensure victims of the EasyJet data breach know where they can turn.

Help & support for people following the EasyJet data breach


Information Commissioner’s Office

The Information Commissioner’s Office (ICO) protects the data privacy rights of individuals. While the ICO does not award compensation, it does have the power to impose hefty fines on organisations in breach of their duties. You have the right to ask the ICO to assess if an organisation breached the Data Protection Act. At Hayes Connor Solicitors we often work with the ICO to gather as much evidence as possible to help our clients succeed. The ICO has also provided advice on its website on how victims of the EasyJet breach can spot phishing scams.

www.ico.org.uk


Victim Support

Victim Support is the leading independent victim’s charity in England and Wales for people affected by crime and traumatic incidents. Last year it offered support to nearly a million victims across the UK.

www.victimsupport.org.uk


Samaritans

The Samaritans are a group of passionate volunteers working together to make sure fewer people die by suicide. If you are struggling emotionally after a data breach, they can help. You can call them free from any phone.

https://www.samaritans.org/


Mind

The Mind Community Support Service provides advice, information, onward referral and holistic support to people who are experiencing mental ill-health and drug/alcohol difficulties (which could be exacerbated following the EasyJet hack). The service can also provide support to people who have been a victim of crime.

https://www.mind.org.uk/


Get Safe Online

Get Safe Online is a leading source of unbiased, factual and easy-to-understand information on online safety. It contains lots of helpful guidance to protect you and your data from the threat of fraud, identity theft and abuse.

www.getsafeonline.org


Take Five to Stop Fraud

Take Five offers straight-forward and impartial advice to help everyone in the UK protect themselves against financial fraud. Following the EasyJet data breach, cybercriminals might use contact information to try and extract financial data from victims.

www.takefive-stopfraud.org.uk


Action Fraud

Action Fraud is the UK’s national reporting centre for fraud and cybercrime. Victims of online offences such as scams and financial/identity fraud following the EasyJet data hack should contact Action Fraud to report their loss. You can do this online or via telephone. Victims of data breaches do sometimes become the targets of criminals, so it’s important that anyone affected by the EasyJet data breach is vigilant.

www.actionfraud.police.uk


How can Hayes Connor help you after the EasyJet data hack?

At Hayes Connor, we are now registering victims of this breach to a no-win, no-fee group litigation action against the airline. Group actions can be a powerful tool and can have a bigger impact than a single claim.

The law understands the damage that can be caused by worry and upset. So today, you can make a compensation claim if you have struggled emotionally following a data breach, even if you have not experienced any financial loss.

FIND OUT MORE ABOUT OUR EASYJET DATA BREACH GROUP ACTION

To become part of our EasyJet group action, we need you to register with us. This guarantees that you will form part of the compensation claims that will be lodged by us. We will also keep you updated about developments in this case as they happen.

There are no costs to register and no obligation to proceed.

REGISTER NOW


, , ,

Why you shouldn’t accept EasyJet data breach compensation

EasyJet has admitted that the personal details of nine million customers and the financial data of 2,208 passengers have been accessed in a sophisticated cyber-attack. Those involved booked flights from 17th October 2019 to 4th March 2020. And, while the airline doesn’t appear to want to offer EasyJet data breach compensation to the vast majority of victims (and we’ll get to that…), it might have offered a settlement to those at significant financial risk. Especially as, according to the BBC, the “stolen credit card data included the three digital security code – known as the CVV number – on the back of the card itself”. So, the results could be disastrous for these cardholders.

But, even if EasyJet does offer you compensation, you might not want to accept it. Here’s why…

Are you being fobbed off by EasyJet?

All too often, organisations that have suffered a data breach are more concerned about limiting their exposure to liability than helping victims. So, while they might give you some money after a data breach, they are less concerned about ensuring you are fully reimbursed for the long-term and often psychological effects.

Indeed, in our experience, we often see companies make low offers of compensation in an attempt to get people to accept a small sum and prevent group litigation.

But, in 2020, we would expect any large business to have insurance in place to protect itself against cyberattacks and data breaches. Let’s face it, there are very few companies that don’t face cyber risk in this day and age. So EasyJet should be able to compensate victims properly.

Cybercriminals can do serious damage with your financial data

With enough financial information, cybercriminals set up fraudulent bank accounts and access your existing accounts. They can make payments using your data, and even apply for credit/loans.

Some financial information can also be used in targeted scams in an attempt to extract additional information from victims (phishing). And hackers often sell stolen financial data to other criminals to use in future scams.

Even if no money is lost, the impact of a financial data breach can be significant. Many victims go on to suffer from stress, anxiety and distress due to living with the added risk and the extra vigilance needed. To make matters worse, the effects of a data hack might not be immediately apparent, as information is often used in batches over time. So there is no quick fix.

At Hayes Connor, we understand that the full impact of a data breach is often not felt until months after the initial violation, so, we refuse to let people be fobbed off in such a way. We believe that your suffering should be taken seriously.

The amount of compensation you get should reflect the losses you have suffered

We take a long-term view when it comes to claiming compensation on your behalf. This means we look at a whole range of factors so you don’t lose out financially. This includes:

  • The privacy violation itself
  • Any money lost (e.g. if a cybercriminal used your bank card)
  • Stress, worry, and anxiety
  • The effect that the leak has had on your social and home life
  • Any loss of earnings as a direct result of the breach (e.g. if you need time off work or lose your job)
  • The loss of future earnings (e.g. if you have to drop out of university)
  • Any expenses that you have had to pay as a result of the data breach (e.g. private medical care, travel expenses, accommodation, etc.).

What’s more, when we review a client’s experience following a data breach, we often uncover information that allows us to increase the value of their claim significantly. What might seem irrelevant to you could make a huge difference in the eyes of the law. That’s why it’s vital that you don’t simply accept a low offer that could be designed to make you go away.

Why hasn’t everyone been offered compensation?

On its website, EasyJet says that:

“Apart from the very small subset of customers who we have already notified, no credit card details have been impacted.  We therefore do not expect there to be any financial loss caused by this incident.  We are advising customers to continue to be alert as they would normally be, especially should they receive any unsolicited communications”.

This statement proves that EasyJet is not taking responsibility for failing to protect its customers. The airline might think that there is “no evidence that any personal information of any nature has been misused” but, as we have already established, the impact of data breaches goes much further than financial losses. And, it does these nine million customers a disservice to assume otherwise.

Following a robbery, people often feel shock, anger, fear, helplessness and panic. Some will go on to suffer from psychological problems, and existing conditions are often exacerbated. And a personal data breach is a 21st-century version of being burgled. Thankfully, over the last few years, people are waking up to the reality of mental health and there is a greater awareness about the lasting effects of physiological suffering and anguish. What’s more, the law understands the damage that can be caused by worry and upset. So today, you can make a compensation claim if you have struggled emotionally following a data breach, even if you have not experienced any financial loss.

What’s more, even if your financial data hasn’t been stolen, your personal information could still be used for nefarious purposes. According to a report in the Independent:

“Experts suggest that personal information “drives a higher price on the dark web” – the area of the internet inaccessible by mainstream search engines – and could be used for organised crime or ransomed.”

So, the risk to everyone involved – regardless of whether they have had their financial or personal data accessed – is very real.


Has EasyJet put you at risk?

At Hayes Connor, we have been contacted by people concerned that EasyJet has breached their financial or personal data; many of whom are understandably upset and anxious about the breach. We believe that EasyJet may have failed to uphold your data security rights and we are now registering victims of this breach to a no-win, no-fee group litigation action against the airline. Group actions can be a powerful tool and can have a bigger impact than a single claim.

FIND OUT MORE ABOUT OUR EASYJET DATA BREACH GROUP ACTION

To become part of our EasyJet group action, we need you to register with us. This guarantees that you will form part of the compensation claims that will be lodged by us. We will also keep you updated about developments in this case as they happen.

There are no costs to register and no obligation to proceed.

REGISTER NOW


, , , ,

Is EasyJet deliberately downplaying the impact of its data breach?

EasyJet hit the headlines when it was revealed that the email addresses and travel details of nine million people and the financial details of 2,208 customers had been breached. But at Hayes Connor, we’re not convinced that the budget airline comprehends how significant this breach is. Or, if it does, it certainly isn’t owning up to it.

EasyJet claims there is no evidence that any personal information has been misused

In a statement admitting to the EasyJet data breach, the company said that “there is no evidence that any personal information of any nature has been misused”. But it can’t possibly know what the impact of this hack will be. Just because it doesn’t look like the data has been misused yet, doesn’t mean that it won’t be.

According to an article in The Independent, personal information “drives a higher price on the dark web” and “could be used for organised crime or ransomed”. Another article claims that “Airlines hold valuable personal information [that] could all be used by criminal organisations to commit identity fraud or further phishing campaigns as part of a larger operation”. Furthermore, most cybersecurity experts agree that it is too soon to say what has and will happen with EasyJet’s hacked customer data.

Certainly, we would advise anyone involved to beware of the following risks:

  • The risk of phishing. Victims of the EasyJet data hack could be targeted by phishing scammers. Phishing occurs when a cybercriminal poses as a legitimate organisation, the police, or someone else you trust to trick you into handing over sensitive information. In particular, EasyJet is advising customers to be cautious of any communications purporting to come from easyJet or easyJet Holidays
  • The risk of financial fraud/theft. Over 2,200 customers had their credit card details accessed in the EasyJet data hack. With enough financial information, cybercriminals can set up fraudulent bank accounts and access your existing accounts. They can also make payments using your data, and even apply for credit/loans
  • The risk of COVID-19 scams. Hackers will likely try to take advantage of people who are cancelling flights because of the pandemic. What’s more, people are more susceptible to scans when they are already anxious, and the combination of being hacked and coping with the pandemic is likely to cause additional stress. So you must be on your guard.

EasyJet isn’t acknowledging the potential emotional impact of the data breach

On its website, EasyJet says that it won’t be paying compensation to most customers. It states that:

“Apart from the very small subset of customers who we have already notified, no credit card details have been impacted.  We therefore do not expect there to be any financial loss caused by this incident.  We are advising customers to continue to be alert as they would normally be, especially should they receive any unsolicited communications”.

This statement proves that EasyJet is not taking responsibility for its failure to protect personal customer information.

The impact of the EasyJet data breach is likely to go much further than financial losses. And, EasyJet does the nine million customers who haven’t had their financial data stolen a disservice to assume otherwise.

A personal data breach is a 21st-century version of being burgled. And, following a robbery, people often feel shock, anger, fear, helplessness and panic. Some will go on to suffer from psychological problems, and existing conditions are often exacerbated.

Renowned clinical psychologist Professor Hugh C. H. Koch is an expert on the typical psychological effects experienced by victims of data breaches. He told us:

“Data breach victims typically experience high levels of anxiety, specific to the data breach but also generalised to other aspects of dealing with correspondence, telephone and digital communication and payment for services. Victims experience social anxiety, with difficulties dealing with friends and neighbours, tradesmen, shopping transactions and can develop oversensitivity or paranoia in their communications with others. They can also develop varying aspects of mood disturbances or depression especially including poor sleep and tearfulness.”

Thankfully, over the last few years, people are waking up to the reality of mental health and there is a greater awareness about the lasting effects of physiological suffering and anguish. What’s more, the law recognises the emotional damage that can be caused by a data protection failure, so EasyJet shouldn’t be allowed to get away with it.

EasyJet took months to let customers know they were at risk

EasyJet knew about the hack as far back as January. So why did the airline take four months to warn customers that hackers had their personal information? Especially as, under the General Data Protection Regulation (GDPR), if a breach is likely to result in a “high risk of adversely affecting individuals’ rights and freedoms”, organisations inform those individuals without undue delay.  Even customers who had their credit card details stolen in this hack were not told until early April.

 


Do you want to hold EasyJet to account?

At Hayes Connor, we have been contacted by people concerned that EasyJet has breached their data; many of whom are understandably upset and anxious about the breach.  In response, we are now registering victims of this breach to a no-win, no-fee group action.

FIND OUT MORE ABOUT OUR EASYJET DATA BREACH GROUP ACTION

To become part of our EasyJet group action, we need you to register with us. This guarantees that you will form part of the compensation claims that will be lodged by us. We will also keep you updated about developments in this case as they happen.

There are no costs to register and no obligation to proceed.

REGISTER NOW


, , , ,

Know the risks & stay safe following the EasyJet data hack

Highly sophisticated hackers have successfully carried out a cyber-attack on the discount airline. The breached information includes the email addresses and travel details of nine million people and the financial details of 2,208 customers. All passengers involved in the EasyJet data hack will be contacted by 26th May at the latest (anyone who has had their financial data compromised has already been told).

If you are informed that your information has been breached, it’s essential that you understand the risks, and what to do to protect yourself.

The risk of phishing

Victims of the EasyJet data hack could be targeted by phishing scammers. Phishing occurs when a cybercriminal poses as a legitimate organisation, the police, or someone else you trust to trick you into handing over sensitive information such as usernames, passwords, financial data, etc.

In particular, EasyJet is advising customers to be cautious of any communications purporting to come from easyJet or easyJet Holidays.

You should also follow these tips to protect yourself from phishing scams:

  • Always question uninvited approaches in case it’s a scam and don’t assume an email or phone call is authentic
  • Know that, just because someone knows your details (such as your name and address or even your mother’s maiden name), it doesn’t mean they are genuine
  • Never disclose security details, such as your PIN or full banking password
  • Don’t click any suspicious links that claim to be from your bank (or anyone else). Always go to the organisation’s website by entering its proper address (or searching for it in Google)
  • Make sure your devices are protected by internet security software and keep this up to date
  • Be aware of common phishing techniques and keep an eye out for fraudsters who attempt to gather additional personal information
  • Listen to your instincts and stop conversations immediately if you are at all worried. A reputable organisation will never stop you from carrying out security checks.

The risk of financial fraud/theft

Over 2,200 customers had their credit card details accessed in the EasyJet data hack. With enough financial information, cybercriminals can set up fraudulent bank accounts and access your existing accounts. They can also make payments using your data, and even apply for credit/loans.

According to the BBC: the “stolen credit card data included the three digital security code – known as the CVV number – on the back of the card itself”. This is especially worrying as it makes it much easier for cybercriminals to misuse card information.

EasyJet warned customers whose credit card details were stolen in early April. If you were told your data was included in this breach and you haven’t already put steps in place to protect your finances, you must do so immediately. This includes:

  • Contacting your bank or credit card provider to let them know your data was violated (you should be issued with a new card and the bank might put additional security steps in place)
  • Keeping an eye on your transactions and contacting your bank or credit card provider immediately if you spot any unfamiliar or suspicious activity
  • Keeping an eye on your credit score for any unexpected dips
  • Contacting all the major credit reference agencies to ensure credit isn’t taken out in your name
  • Understanding that a legitimate bank or other financial organisation will never contact you ask for your PIN or full password, or ask you to move money to another account for fraud reasons
  • Registering with the Cifas protective registration service if you want to put an additional layer of security in place. This will slow down credit applications made in your name with additional verification checks made to ascertain that the applicant is actually you.

In addition, you should look out for phishing scams that attempt to use your financial data against you.

If you experience any financial loss or fraud attempts that you believe are linked to this data breach, please make a note of these and keep any evidence. If you decide to make a data breach claim, we can use this to support your case.


The risk of COVID-19 scams

Because of COVID-19, there is heightened concern about personal data being used for online scams. And hackers will likely try to take advantage of people who are cancelling flights because of the pandemic.

What’s more, people are more susceptible to scams when they are already anxious, and the combination of being hacked and coping with the pandemic is likely to cause additional stress. Hackers may try to take advantage of this, so you must be on your guard.

As well as being careful of any communications that claim to come from easyJet or easyJet Holidays, people should beware in case the data accessed in this hack is used in additional COVID-19 scams. Here are just some of the coronavirus scams you should look out for.

If you are targeted by scams and believe these are linked to this data breach, please note what has happened and keep any evidence. If you decide to make a data breach claim, we can use this to support your case.


The risk of developing/ exacerbating mental health conditions

The impact of data breaches goes much further than financial losses. Many victims go on to suffer from stress, anxiety and distress. Following a robbery, people often feel shock, anger, fear, helplessness and panic. A personal data breach is a 21st-century version of being burgled.

Furthermore, the psychological effects of a data hack might not be immediately apparent. Knowing that your information has been “burgled”, living with the increased risk, and the extra vigilance needed can all cause distress to victims over time.

Renowned clinical psychologist Professor Hugh C. H. Koch is an expert on the typical psychological effects experienced by victims of data breaches. He told us:

“Data breach victims typically experience high levels of anxiety, specific to the data breach but also generalised to other aspects of dealing with correspondence, telephone and digital communication and payment for services. Victims experience social anxiety, with difficulties dealing with friends and neighbours, tradesmen, shopping transactions and can develop oversensitivity or paranoia in their communications with others. They can also develop varying aspects of mood disturbances or depression especially including poor sleep and tearfulness.”

So, following the EasyJet data breach, victims must keep an eye on their emotional wellbeing to ensure that their mental health doesn’t suffer.


Has the EasyJet data hack put you at risk?

At Hayes Connor, we have been contacted by people concerned that EasyJet has breached their data; many of whom are understandably upset and anxious about the breach.

Making things worse, EasyJet took four months to warn customers that hackers had their personal information. So, it is possible that you might have already experienced phishing attempts and financial losses because of the breach. If this has happened to you, we encourage you to let us know.

We are now registering victims of this breach to a no-win, no-fee group litigation action against the airline. Group actions can be a powerful tool and can have a bigger impact than a single claim.

The law understands the damage that can be caused by worry and upset. So today, you can make a compensation claim if you have struggled emotionally following a data breach, even if you have not experienced any financial loss.

FIND OUT MORE ABOUT OUR EASYJET DATA BREACH GROUP ACTION

To become part of our EasyJet group action, we need you to register with us. This guarantees that you will form part of the compensation claims that will be lodged by us. We will also keep you updated about developments in this case as they happen.

There are no costs to register and no obligation to proceed.

REGISTER NOW


, , , ,

CVV security numbers exposed in EasyJet data breach

The more details come to light about the EasyJet data breach, the worse it gets. Earlier this week, the airline admitted that (as well as the personal details of nine million customers), over 2,208 passengers had their credit card details accessed in the EasyJet hack. And now, according to the BBC:

“Stolen credit card data included the three digital security code – known as the CVV number – on the back of the card itself”.

Why is the CVV number so important?

The CVV number provides added security against scams. It is needed to complete any transactions that are carried out online using a card. Under worldwide Payment Card Industry Data Security Standards (PCI DSS) companies are not allowed to save information about CVV numbers, because, if a hack takes place, it is very difficult for a cybercriminal to misuse card information without it.

And, while EasyJet is trying to PR the data breach as having information ‘accessed’ rather than ‘stolen’, if a hacker gets hold of your CVV number (along with other data), however they spin it, the results could be disastrous.

What can cybercriminals do with your financial data?

With enough financial information, cybercriminals set up fraudulent bank accounts and access your existing accounts. They can make payments using your data, and even apply for credit/loans.

Some financial data can also be used in targeted scams in an attempt to extract additional information from victims (e.g. banking passwords etc.). And hackers often sell stolen financial data to other criminals to use in future scams.

Even if no money is lost, the impact of a financial data breach can be significant. Many victims go on to suffer from stress, anxiety and distress due to living with the added risk and the extra vigilance needed. To make matters worse, the effects of a data hack might not be immediately apparent, as information is often used in batches over time. So there is no quick fix.

Protect your finances immediately

Customers whose credit card details were stolen in the EasyJet data breach were informed in early April. Although, we question why there was such a significant delay when the airline knew about the breach in January. If you were told your data was included in this breach and you haven’t already put steps in place to protect your finances, you must do so immediately. This includes:

  • Contacting your bank or credit card provider to let them know your data was violated (you should be issued with a new card and the bank might put additional security steps in place)
  • Keeping an eye on your transactions and contacting your bank or credit card provider immediately if you spot any unfamiliar or suspicious activity
  • Keeping an eye on your credit score for any unexpected dips
  • Contacting all the major credit reference agencies to ensure credit isn’t taken out in your name
  • Understanding that a legitimate bank or other financial organisation will never contact you ask for your PIN or full password, or ask you to move money to another account for fraud reasons
  • Registering with the Cifas protective registration service if you want to put an additional layer of security in place. This will slow down credit applications made in your name with additional verification checks made to ascertain that the applicant is actually you.

There is a further threat to watch out for

In addition to the immediate financial threat, there is a secondary risk to look out for – and that’s phishing.

Phishing is where a fraudster poses as a legitimate organisation (e.g. EasyJet), the police, or someone else you trust to trick you into handing over sensitive information such as usernames and passwords. To protect yourself from phishing attempts we recommend that you be on your guard against attempts to extract further information from you. For example:

  • Always question uninvited approaches in case it’s a scam and don’t assume an email or phone call is authentic
  • Know that, just because someone knows your details (such as your name and address or even your mother’s maiden name), it doesn’t mean they are genuine
  • Never disclose security details, such as your PIN or full banking password
  • Don’t click any suspicious links that claim to be from your bank (or anyone else). Always go to the organisation’s website by entering its proper address (or searching for it in Google)
  • Make sure your devices are protected by internet security software and keep this up to date
  • Be aware of common phishing techniques and keep an eye out for fraudsters who attempt to gather additional personal information
  • Listen to your instincts and stop conversations immediately if you are at all worried. A reputable organisation will never stop you from carrying out security checks.

Is EasyJet insured against the risk

As yet, the details are unclear. But in 2020, we would expect any large business to have insurance in place to protect itself against such breaches. Let’s face it, there are very few companies that don’t face cyber risk in this day and age. In fact, at Hayes Connor, we’ve been warning companies about this for quite some time.

Has EasyJet put you at risk?

At Hayes Connor, we have been contacted by people concerned that EasyJet has breached their financial data; many of whom are understandably upset and anxious about the breach. We believe that EasyJet may have failed to uphold your data security rights. Not just because of the initial hack, but because of the delay in informing customers. As such, we are now registering victims of this breach to a no-win, no-fee group litigation action against the airline. Group actions can be a powerful tool and can have a bigger impact than a single claim.

FIND OUT MORE ABOUT OUR EASYJET DATA BREACH GROUP ACTION

To become part of our EasyJet group action, we need you to register with us. This guarantees that you will form part of the compensation claims that will be lodged by us. We will also keep you updated about developments in this case as they happen.

There are no costs to register and no obligation to proceed.

REGISTER NOW


, , , ,

EasyJet took four months to warn customers that hackers had their personal information

On 19th May 2020, EasyJet admitted that the personal details of nine million customers had been accessed and 2,208 customers had their credit card details stolen in a sophisticated cyber-attack. EasyJet knew about the hack as far back as January. Under the General Data Protection Regulation (GDPR), organisations must tell the ICO (the UK’s data protection regulator) about a personal data breach within 72 hours. And, if the breach is likely to result in a “high risk of adversely affecting individuals’ rights and freedoms”, organisations must also inform those individuals without undue delay. So why did the airline take four months to warn customers that hackers had their personal information following the EasyJet data breach?

EasyJet customers are at risk

EasyJet is trying to defend itself by claiming that “there is no evidence that this information has been misused by criminals”.  Instead, the airline claims that its investigation into the attack suggests that hackers were targeting “company intellectual property” rather than information that could be used in identity theft.  It is believed a group of Chinese hackers might be behind the attack, and that this group has previously targeted travel records and other data valuable for counterintelligence.

But EasyJet can’t possibly know the extent of the threat to individuals.

A data breach can result in both financial and/or identity theft. And the result of either of these can be devastating. With enough information, cybercriminals can apply for credit in your name, set up fraudulent bank accounts and access your existing accounts. Even an email address can be used to extract additional data and cause harm. And hackers often sell stolen data to other criminals to use in future scams. As such, the impact of data breaches goes much further than financial losses. Many victims go on to suffer from stress, anxiety and distress. Furthermore, the effects of a data hack might not be immediately apparent.

Plus, 2,208 customers had their credit card details accessed. This is a very obvious threat. And, while these customers were informed about the EasyJet data hack in early April, that’s still a very significant delay.

Has Covid-19 changed things?

EasyJet claims that, since it became aware of the incident, it has become clear that owing to COVID-19, there is heightened concern about personal data being used for online scams. It is true that hackers will likely try to take advantage of people who are cancelling flights because of the pandemic.

But, while COVID-19 gives cybercriminals an extra opportunity to contact and attempt to exploit customers, we would argue that this risk has always existed. As such, we find it hard to accept this justification for the delay.

EasyJet claims it wasn’t able to warn customers before now

As the details of this case emerge, EasyJet has also justified the delay by claiming that it took time to understand the scope of the attack and to identify who had been impacted. This might very well be the case (and the ICO’s investigation into the breach should establish if this is true). But, if EasyJet cared about the safety of its customers, it could have issued a general warning. This would at least have given people the opportunity to put additional security measures in place until the full details were known. By not doing this, EasyJet left millions of people vulnerable for months.

The ICO has raised concerns about phishing following the EasyJet data breach

On the recommendation of the ICO, EasyJet eventually alerted customers and warned them of the risk of phishing. Phishing is where a fraudster poses as a legitimate organisation (e.g. EasyJet), the police, or someone else you trust to trick you into handing over sensitive information such as usernames, passwords and financial data.

The impact of a phishing scam can be devastating, and we have seen cases where the financial losses only start to occur three to six months later. This is often because the data stolen is used in batches over time. As such, EasyJet customers affected by this breach must be on their guard. The ICO has advice on its website on how to spot phishing scams.

It is also possible that customers of EasyJet might have experienced increased phishing attempts over the past few months because of the breach. If this has happened to you, we would encourage you to let us know.

Has the EasyJet data breach put you at risk?

EasyJet warned customers whose credit card details were stolen in early April. All other customers will be notified no later than 26th of May 2020. If you have been a customer of EasyJet, we advise you to keep an eye out for this communication (and check your spam folder in case it is directed there).

At Hayes Connor, we have already been contacted by people concerned that EasyJet has breached their data; all of whom are understandably upset and anxious about the breach. We believe that EasyJet may have failed to uphold your data security rights. Not just because of the initial hack, but because of the delay in informing customers. As such, we are now registering victims of this breach to a no-win, no-fee group litigation action against the airline. Group actions can be a powerful tool and can have a bigger impact than a single claim.

FIND OUT MORE ABOUT OUR EASYJET DATA BREACH GROUP ACTION

To become part of our EasyJet group action, we need you to register with us. This guarantees that you will form part of the compensation claims that will be lodged by us. We will also keep you updated about developments in this case as they happen.

There are no costs to register and no obligation to proceed.

REGISTER NOW