Hackers Hit EasyJet in Cyberattack Exposing Data of 9 Million Customers

EasyJet says 9 million travel records taken in data breach

Hackers accessed personal information for millions of easyJet customers in a "highly sophisticated" cyber attack, the British budget airline said Tuesday.

However, the company clarified that out of the nine million affected customers, only 2,200 customers' credit card details were compromised. Easyjet insists that the passport and credit card details of almost all of those people were not affected. "These affected customers will be contacted in the next few days".

CEO Johan Lundgren added that easyJet, like other businesses, must "stay agile to stay ahead of the threat".

"Interest in who is travelling on which routes can be valuable for counter-intelligence or other tracking of persons of interest", said Saher Naumaan, a threat intelligence analyst at BAE Systems, who has investigated similar attacks.

"If you have been caught up in a hack then you are very likely to be targeted by scammers", he said.

Jake Moore of infosec biz Eset warned customers to take it seriously: "The biggest problem for EasyJet now is to get this information out to all their customers and make them safe".

EasyJet says 9 million travel records taken in data breach

According to EasyJet's statement, the company immediately contained the attack (the point of access is no longer available for malicious actors) and contacted the relevant authorities, including the Information Commissioner's Office ("ICO") and National Cyber Security Centre in the UK. "Talk to your bank/credit card company to see if they can give you a list of all the occasions when attempts were made to use your credit card".

"...the Board of easyJet announces that it has been the target of an attack from a highly sophisticated source", the airline said in its statement.

An NCSC spokesman said: "We are aware of this incident and have been working with EasyJet from the outset to understand how it has affected people in the United Kingdom".

Millions of EasyJet customers' details of some sort or another have been accessed by hackers - but even more people now need to be vigilant. Customers affected by the breach will be contacted no later than 26 May.

EasyJet could face the risk of a large fine under General Data Protection Regulation (GDPR) rules if found to not have protected its customers properly.

"Despite airlines now well below flying capacity, and the majority of aircraft grounded, security for the travel industry must still be paramount, especially with the "cyber-pandemic" rising alongside the COVID-19 disease".



Other news