It was all over the papers, but did you hear about the January cyberattack on EasyJet that left them with a huge data breach that has affected over 9 million customers? The company went on to explain that the data breach meant that the personal details of passengers had been stolen along with the credit card details of just under three thousand people and that they were confident that none of the information taken had been misused.
How Will I Know If My Data Has Been Breached?
Now that this data breach has been made public, EasyJet has confirmed that anyone who was affected during this attack will be informed by the 26th May. This means that you should already know if you are a victim of this incident. If, however, you remain concerned that your information may have been taken then you should contact EasyJet in the first instance to seek clarification on the matter.
What Is The Recourse for EasyJet?
When a company breaks GDPR, then they can be fined up to 4% of their last year’ turnover. For a company like EasyJet, this could mean a fine of around £250 million if the Information Commission wanted to push it to the upper limit. However, it is unlikely that they will be charged the full 4% and we will need to wait to see how much the Information commission decide to charge.
What Should I Do Now To Protect Myself?
If you have been a victim of this breach, then you should take immediate action to secure your data. This includes:
- Changing your EasyJet passwords and any other passwords that are the same as the one you use for EasyJet.
- Change your banking passwords.
- Check your bank account for any unauthorised purchases.
- Refuse to share any personal details if you get a phone call from anyone who says they are from your bank – instead, hang up and call your bank back to see if it was them.
- Report the breach to Action Fraud for investigation.
Can I Claim Compensation From EasyJet If I Have Been Affected?
If you are considering making a claim against the company for losing your data, then GDPR states that it is possible as long as you have suffered specific damage because of the data loss. Your compensation, if any, will be dependent on a range of factors that include:
- How sensitive the data was that was taken.
- The number of people that had access to your information.
- How long it took for you to be told of the breach and how long your information was available.
- The level of financial loss that you incurred as well as the emotional impact of the loss.
In the first instance, you will need to report the breach to Action Fraud which is the national police agency that deals with fraud and cybercrime. Your case will be investigated, and you can then decide whether to make a claim or not.