The law firm which has just settled a compensation claim with British Airways over its 2018 data breach is pressing ahead with a potentially bigger action against easyJet.
PGMBM has settled with BA “on confidential terms” and is now turning its attention to easyJet, whose nine million potential breaches could eclipse BA’s, which affected 420,000 customers and staff.
The easyJet leak was first revealed in May 2020, four months after the Information Commissioner’s Office was informed.
PGMBM said around nine million customers had email and travel details stolen. “A further 2,208 customers had credit and debit card details compromised, including the three-digit security code known as the CVV number.”
The law firm said the airline’s potential liability was “as much as £18 billion”.
PGMBM chairman Harris Pogust said the BA case gave hope to the latest claim: “The pace at which we have been able to resolve this process with British Airways has been particularly encouraging and demonstrates how seriously the legal system is taking mass data incidents.
“This is a very positive sign as we look ahead to what will be an even bigger case against easyJet relating to their 2020 data breach.”
BA revealed in September 2018 that data including names, debit and credit card numbers, addresses and email addresses had been leaked.
It led to BA being fined £183 million by the Information Commissioner’s Office. However, last October, the fine was reduced to £20 million after the effects of the pandemic were taken into account.
The case for compensation for those affected was brought in April 2020. The settlement does not include an admission of liability by BA.
Pogust said: “The Information Commissioner’s Office laid out how BA did not take adequate measures to keep its passengers’ personal and financial information secure. However, this did not provide redress to those affected. This settlement now addresses that.”
In a statement, BA said: “We apologised to customers who may have been affected by this issue and are pleased we’ve been able to settle the group action. When the issue arose, we acted promptly to protect and inform our customers.”