View all newsletters
Receive our newsletter - data, insights and analysis delivered to you

EasyJet Hacked: 9 Million Customers Affected

More details to follow

By CBR Staff Writer

easyJet says it has been hacked in a “highly sophisticated” (aren’t they all?) breach that saw the email and travel details of nine million customers stolen.

Our forensic investigation found that, for a very small subset of customers (2,208), credit card details were accessed”, the budget airline added. 

The attack comes at the worst possible time for the airline, with business frozen and the company having had to scramble to repatriate around 45,000 customers in the wake of the COVID-19 outbreak.

easyJet has notified the ICO and in theory faces the prospect of a substantial fine under GDPR. Affected customers will be notified by May 26. The company did not say when the breach occurred or when it became aware of it.

(The ICO has said it will take a lenient approach to reporting amid the COVID-19 outbreak. Critics say it has effectively “downed tools”, as Wired notes.)

The ICO in July 2019 said it would be fining British Airways £183.39 million for its own string of security failings, which included a Magecart-style card-skimming attack on its website.

Read this: BA Hack: Precise Script, Threat Group Identified by RiskIQ

easyJet CEO Johan Lundgren said: “We take the cyber security of our systems very seriously and have robust security measures in place to protect our customers’ personal information. However, this is an evolving threat as cyber attackers get ever more sophisticated.

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

“Since we became aware of the incident, it has become clear that owing to COVID-19 there is heightened concern about personal data being used for online scams.  As a result, and on the recommendation of the ICO, we are contacting those customers whose travel information was accessed and we are advising them to be extra vigilant.

The company promised to “continue to invest to further enhance our security environment” and warned customers to be alert to phishing attacks in the coming weeks.

Security firm SonicWall‘s Terry Greer-King, VP EMEA, said: “Attacks such as the one on Easyjet should remind CTOs, CIOs and CISOs to implement security best practices like a layered approach to protection, and update any out-of-date security devices, applications or systems as a matter of course.

“Businesses should be working very closely with their security providers to gain a clear and real-time picture of security risks and the impact they could potentially pose to their organization. It is certain that stakeholder confidence will be shaken as a result [of this breach]. Under GDPR, Easyjet may also expect a hefty fine along the lines of the British Airways and Marriot fines.

Do you have more details on the breach/threat vector? Get in touch on ed dot targett at cbronline dot com

See also: Ransomware? What’s That? 

Topics in this article : , ,
Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.