As reported by ITPro, EasyJet is facing an £18 billion class-action lawsuit over the recent large-scale data breach that exposed the personal details of nine million of its customers.
Law firm PGMBM said it has issued a class-action claim in the High Court of London with a potential liability of £18 billion. If successful, each customer impacted by the breach could receive a payout of £2,000. This move follows the airline’s recent announcement that it had been the subject of a “highly sophisticated cyber-attack” in which the email addresses and travel details of around nine million customers were accessed, as well as the credit card details of 2,208 customers.
The financial implications of this large-scale data breach are only just coming to light and should provide a stark reminder to businesses of the massive implications such breaches cause. While the financial penalties can be gigantic, businesses must also take heed to the fact of the reputational damage that can be caused that may be difficult to recover from. Consumers trust the organisations they do business with to protect and safeguard their data. Any organisation that fails to do so will break this trust and is likely to lose business as a result.
To properly protect data, security teams within an organisation must assess their database security and always follow best practise. Database misconfiguration is often overlooked and so it’s crucial that IT teams understand their environment and know where the data is being stored so that they are able identify any vulnerabilities quickly and easily and issue a patch update where required. It is also advisable that organisation carry out pen testing so that they are able to identify any flags quickly. It is also important to ensure staff are trained correctly so that they can be aware of basic data security principles.
The importance of correctly securing data cannot be underestimated. You only need to look at organisations who have suffered from large-scale breaches previously to see the reputational impact that they have suffered.
Data breaches are not to be taken lightly, hence the repercussions are aligned to highlight the magnitude of the breach. Personal data in the wrong hands can potentially cost individuals much more than £2000. Moreover, breaches involving credit card information have the potential of being 10 times this, and should not be shrugged off by any means by those in the firing line.
The likelihood is that this attack was a clever little credit card skimming hack placed on the website which simply went unnoticed. Whether that is seen as “sophisticated” or not may come out in later analysis but for now such details are bare.
Data breaches are dangerous to individuals but even more damaging to the companies that are hit with it. This will hopefully act as a warning to others in similar positions but after similar attacks such as seen on British Airways last year, my hunch is that it will be in vain.