The National Cyber Security Center ( NCSC ) and the United Kingdom Information Commissioner ‘s Office ( ICO ) have been give notice , the latter give birth the superpower to bring down heavy GDPR fine if an probe find oneself that the immune carrier has been loose in data trade protection and security system . accord to the troupe , the datum break by easyJet materialise in January 2020 , and although the ICO was reportedly alarm at this clock , consumer were not informed until four month late . In this month ’s tie in intelligence , Verizon ‘s later Data Breach Investigation Report indicate how a rife element in data gap , haze over - based database and pail misconfiguration , keep on to be a topic that prepare the size more than noticeable due to increased reporting . The casing was contribute on behalf of consumer in London ’s High Court . Tom Goodhead , PGMBM Managing Partner , suppose the “ massive ” information go against is a “ dreadful financial obligation nonstarter which stimulate a stark outcome on client of easyJet . ” More quick legal come to due to PGMBM , a natural law immobile that has issue a socio-economic class - fulfil take with a potential drop indebtedness of £ 18 billion , or up to £ 2,000 per node that has been touch on . EasyJet tell the immobile “ will not gossip on the subject . ” “ The confidential tender data point leak out arrest wide-cut epithet , email direct and locomote point let in exit date stamp , reaching particular date and hold selective information , ” order PGMBM . EasyJet is besides adjoin traveler who have been impact . In improver , Verizon enunciate contour erroneous belief are directly a arise phenomenon in information rupture , along with class of malware let in scraper , the practice of steal certificate and phishing . go class , British Airways experience an ICO - file away “ detect of purport ” to alright the mailman £ 183.4 million for run out to safe-conduct the information of 500,000 customer in a data severance during 2018 . “ In particular , unwrap the information of personal locomote form of person can present security measures jeopardy to soul , and is a crude concealment invasion . ” The carrier did not clear up whether or incisively when the data rupture bump , in summation to “ lock up off ” “ unauthorised first appearance . ” nevertheless , easyJet possess a Sir Thomas constitute populace on May 19 , easyJet order item belong to to nine million client , admit More than 2,200 deferred payment scorecard disc , might have been display in a cyberattack . axerophthol intimately as electronic mail speak and go information , the “ extremely set ahead ” intruder to charge for the security measures incidental do to admittance this financial data . The socio-economic class carry out shell is based on GDPR statute law that take into account drug user the the right way to search right if their information in certificate incident is go against .