, , ,

Why you shouldn’t accept EasyJet data breach compensation

EasyJet has admitted that the personal details of nine million customers and the financial data of 2,208 passengers have been accessed in a sophisticated cyber-attack. Those involved booked flights from 17th October 2019 to 4th March 2020. And, while the airline doesn’t appear to want to offer EasyJet data breach compensation to the vast majority of victims (and we’ll get to that…), it might have offered a settlement to those at significant financial risk. Especially as, according to the BBC, the “stolen credit card data included the three digital security code – known as the CVV number – on the back of the card itself”. So, the results could be disastrous for these cardholders.

But, even if EasyJet does offer you compensation, you might not want to accept it. Here’s why…

Are you being fobbed off by EasyJet?

All too often, organisations that have suffered a data breach are more concerned about limiting their exposure to liability than helping victims. So, while they might give you some money after a data breach, they are less concerned about ensuring you are fully reimbursed for the long-term and often psychological effects.

Indeed, in our experience, we often see companies make low offers of compensation in an attempt to get people to accept a small sum and prevent group litigation.

But, in 2020, we would expect any large business to have insurance in place to protect itself against cyberattacks and data breaches. Let’s face it, there are very few companies that don’t face cyber risk in this day and age. So EasyJet should be able to compensate victims properly.

Cybercriminals can do serious damage with your financial data

With enough financial information, cybercriminals set up fraudulent bank accounts and access your existing accounts. They can make payments using your data, and even apply for credit/loans.

Some financial information can also be used in targeted scams in an attempt to extract additional information from victims (phishing). And hackers often sell stolen financial data to other criminals to use in future scams.

Even if no money is lost, the impact of a financial data breach can be significant. Many victims go on to suffer from stress, anxiety and distress due to living with the added risk and the extra vigilance needed. To make matters worse, the effects of a data hack might not be immediately apparent, as information is often used in batches over time. So there is no quick fix.

At Hayes Connor, we understand that the full impact of a data breach is often not felt until months after the initial violation, so, we refuse to let people be fobbed off in such a way. We believe that your suffering should be taken seriously.

The amount of compensation you get should reflect the losses you have suffered

We take a long-term view when it comes to claiming compensation on your behalf. This means we look at a whole range of factors so you don’t lose out financially. This includes:

  • The privacy violation itself
  • Any money lost (e.g. if a cybercriminal used your bank card)
  • Stress, worry, and anxiety
  • The effect that the leak has had on your social and home life
  • Any loss of earnings as a direct result of the breach (e.g. if you need time off work or lose your job)
  • The loss of future earnings (e.g. if you have to drop out of university)
  • Any expenses that you have had to pay as a result of the data breach (e.g. private medical care, travel expenses, accommodation, etc.).

What’s more, when we review a client’s experience following a data breach, we often uncover information that allows us to increase the value of their claim significantly. What might seem irrelevant to you could make a huge difference in the eyes of the law. That’s why it’s vital that you don’t simply accept a low offer that could be designed to make you go away.

Why hasn’t everyone been offered compensation?

On its website, EasyJet says that:

“Apart from the very small subset of customers who we have already notified, no credit card details have been impacted.  We therefore do not expect there to be any financial loss caused by this incident.  We are advising customers to continue to be alert as they would normally be, especially should they receive any unsolicited communications”.

This statement proves that EasyJet is not taking responsibility for failing to protect its customers. The airline might think that there is “no evidence that any personal information of any nature has been misused” but, as we have already established, the impact of data breaches goes much further than financial losses. And, it does these nine million customers a disservice to assume otherwise.

Following a robbery, people often feel shock, anger, fear, helplessness and panic. Some will go on to suffer from psychological problems, and existing conditions are often exacerbated. And a personal data breach is a 21st-century version of being burgled. Thankfully, over the last few years, people are waking up to the reality of mental health and there is a greater awareness about the lasting effects of physiological suffering and anguish. What’s more, the law understands the damage that can be caused by worry and upset. So today, you can make a compensation claim if you have struggled emotionally following a data breach, even if you have not experienced any financial loss.

What’s more, even if your financial data hasn’t been stolen, your personal information could still be used for nefarious purposes. According to a report in the Independent:

“Experts suggest that personal information “drives a higher price on the dark web” – the area of the internet inaccessible by mainstream search engines – and could be used for organised crime or ransomed.”

So, the risk to everyone involved – regardless of whether they have had their financial or personal data accessed – is very real.

Has EasyJet put you at risk?

At Hayes Connor, we have been contacted by people concerned that EasyJet has breached their financial or personal data; many of whom are understandably upset and anxious about the breach. We believe that EasyJet may have failed to uphold your data security rights and we are now registering victims of this breach to a no-win, no-fee group litigation action against the airline. Group actions can be a powerful tool and can have a bigger impact than a single claim.


To become part of our EasyJet group action, we need you to register with us. This guarantees that you will form part of the compensation claims that will be lodged by us. We will also keep you updated about developments in this case as they happen.

There are no costs to register and no obligation to proceed.