UK budget airline easyJet is facing an £18 billion class-action lawsuit filed on behalf of customers impacted by a recently-disclosed data breach. Made public on May 19, easyJet said that information belonging to nine million customers may have been exposed in a cyberattack, including over 2,200 credit card records. The “highly sophisticated” attacker to blame for the security incident managed to access this financial information, as well as email addresses and travel details. EasyJet is still contacting impacted travelers. The carrier did not explain how or exactly when the data breach took place, beyond that “unauthorized access” has been “closed off.” The National Cyber Security Centre (NCSC) and the UK’s Information Commissioner’s Office (ICO) have been notified, of which the latter has the power to impose heavy fines under GDPR if an investigation finds the carrier has been lax in data protection and security.
Source: ZD Net