[SimonS1]

[quote quote=999322]In 2018, in a similar incident, cyber hackers had breached BA’s website and stolen information of some 380,000 customers and its website had been compromised. Because of that breach, the Information Commissioner fined British Airways’ the maximum penalty, amounted to 1.5% of its worldwide turnover of £11.6 billion in 2017, the possible maximum of more than £183 million. (The BA Accounts shows a reserve figure of £576 million?)[/quote]

I believe the reserve is a provision against possible losses in the class action being brought against BA.

[Roa1]

SimonS1

I had seen that figure banded around and couldn’t make any sense! Thanks for clarifying.

[Roa1]

A law firm PGMBM has created a website, “a data breach compo web site”, offering some nine million easyJet passengers, as much as £2,000 per passenger compensation on “no win, no fee” basis, because of the data breach. The website has a link to “a data breach compo web site”. This is a gigantuam claim and could utterly destroy the airline.

There could also be more woes for easyJet from the Information Commissioner such as placing an hefty fine.

Despite all that, easyJet shares have shot up today. Am I missing something!

[capetonianm]

I also wondered why the shares have shot up. Am I missing something?

Can passengers claim compensation when they have incurred no loss whatsoever?

[Roa1]

capetonianm

The law firm is suing easyJet under the Article 82 of the EU General Data Protection Regulations, which says that customers are entitled to compensation due to a loss of control over their personal data. Please read the above threads on a similar case regarding British Airways, which was dispensed by the Information Commissioner. But on this occasion, the easyJet will face a different jurisdiction (EU Regs), which tends to be (in my opinion) customer friendly, and likely to award huge compensation. easyJet will have to overcome two separate jurisprudence – the EU (compensation claims) and the Information Commissioner (data breach), a truly double whammy!

The easyJet data breach is the largest in the UK airline industry, some 9 million customers sensitive personal information have been hacked by the cyber attackers, and easyJet had kept that from customers for some 4 months. Ordinarily, when something like that happens, the duty is to inform the customers immediately and warn them about the theft of their personal data, so that the 9 million customers can take appropriate action to prevent fraud, cancel credit cards, change email addresses and so on. That didn’t happen for 4 months. That failure to inform customers swiftly seems a pretty serious one to me.

My background is in another area, but, yup, I’d say it’s an arguable case, under the EU Regulations.

2 users thanked author for this post.

Johnnyg, ASK1945

[Author]

Posts