On 19 May 2020, budget airline EasyJet announced that it had been affected by a serious data breach. Approximately nine million customers had email and travel details stolen. A further 2,208 customers had credit and debit card details compromised, including the 3-digit security code known as the CVV number.

The breach took place in January 2020, meaning it took four months for EasyJet to notify its customers. EasyJet asked victims to ‘please be extra careful about phishing attacks’, stressing the threat that victims face from fraudsters.


On 7 September 2018, British Airways announced that their online reservation systems had been accessed by an unauthorised third party, compromising the data of over 420,000 customers.

The breach affected customers who had entered or amended data for their flight bookings on the British Airways website and app between 21 August and 5 September 2018.

Initially, BA was fined £183 million by the Information Commissioner’s Office – a regulator – for the breach. However, in October 2020 a decision was granted to levy the fine, reducing it to £20 million. None of this money will go to the affected customers.


PGMBM (a trading name of Excello Law Limited) – SRA License Number 512898

Excello Law is authorised and regulated by the Solicitors Regulation Authority and complies with the Solicitors Code of Conduct, a copy of which can be located here.