EasyJet revealed that they were exposed to a cyber-attack from a “sophisticated source”. These cyber-attackers accessed the email address and travel details of approximately nine million customers, including the credit card details of over 2,000 passengers.
How was the situation handled?
EasyJet claimed that there is no evidence that any personal information of any nature has been misused. However, on an ICO’s (Information Commissioner’s Office) suggestion, the airline said they were communicating with the 9 million customers whose details were accessed and taking preventive measures to minimize any potential hacking of those details.
EasyJet took immediate action to contact all of those customers and offered them support. “We take the cybersecurity of our systems very seriously and have robust security measures in place to protect our customers’ personal information. However, this is an evolving threat as cyber attackers get ever more sophisticated,” said Johan Lundgren, chief executive of EasyJet.
“Since we became aware of the incident, it has become clear that owing to Covid-19 there is heightened concern about personal data being used for online scams. As a result, and on the recommendation of the ICO, we are contacting those customers whose travel information was accessed and we are advising them to be extra vigilant, particularly if they receive unsolicited communications,” he added.
The breach has been contained
EasyJet had notified the National Cyber Security Centre, while the breach in security had been blocked. Jeremy Hendy, the chief executive of Skurio, said: “Customers of easyJet should be changing security information for web accounts or app usage immediately as a precaution and monitor their bank account for fraudulent activity.”
He added: “They should also be wary of any correspondence they receive by email or text message. We have seen previously that criminals use these types of incidents to slip phishing attempts under the radar. This is done by recycling contact details from historic breaches and hoping worried customers will let their guard down. With nine million travel customers affected there could be a significant overlap with previous similar breaches such as British Airways and Marriot Hotels.”