It has been reported that the Information Commissioner’s Office has dropped its investigation into a Hack affecting millions EasyJet customers, because it believes “limited resources” would be better spent elsewhere.
Hackers stole nine million details of people in the 2020 attack . EasyJet called GCHQ’s National Cyber Security Centre for help.
The ICO, the data watchdog, launched an investigation immediately into the hack. In 2,200 cases, digital criminals stole personal information, travel plans, and credit card numbers.
The ICO confirmed Sunday, however, that they have dropped the investigation. They will not be imposing any penalties on EasyJet.
A ICO spokesman stated that the regulator was responsible for the whole UK economy, and therefore had to make “difficult choices” about the issues it pursues.
The statement was: “After carefully considering this case, the commissioner decided that pursuing enforcement actions would not be the most effective use of our limited resource at this time.”
Greg Clark, MP, Chairman of Parliament’s Science, Innovation and Technology Committee, announced that he will write to the watchdog and demand an explanation.
He said that regulators have an increasing role to play in protecting people’s privacy, as AI poses new threats.
My committee is concerned that if Government relies on existing regulators such as the ICO they need to have the resources to do their job and command the public’s confidence.
A similar theft from British Airways of data in 2018 was investigated by the ICO and resulted in a fine of £20m.
Jon Baines is a senior data specialist at the City law firm Mishcon de Reya. He questioned the cost of the ICO’s abandoned investigations and claimed that the regulator was softening their approach.
Mr Baines stated: “The ICO has lost its appetite to issue fines over the past year or two.”
“In some cases, fines have been replaced with’reprimands,’ which are little more than a rap on the back of the hand. But here, it sounds as if there will be no finding at all.”
EasyJet’s spokesperson said: “We take the protection and privacy of our customers’ personal data very seriously. We welcome the conclusion by the Information Commissioner’s Office, that no action has been taken.”
Keller Postman, an attorney firm that is pursuing a claim for EasyJet in relation to the 2020 data breach did not respond when asked for a comment.