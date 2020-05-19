Infosecurity Group Websites
Latest
News

easyJet Says Details of Nine Million Customers Accessed in Data Breach

easyJet has revealed that the personal data of approximately nine million of its customers has been accessed following a “highly sophisticated” cyber-attack on its system. This includes credit card details of a small subset of these customers (2208), with the airline confirming it has already taken action to contact and offer support to those individuals.

For the rest of the customers affected, email addresses and travel details were accessed. Easyjet said these customers will be contacted in the next few days to and the company will “advise them of protective steps to minimize any risk of potential phishing.”

The company took immediate steps to manage the incident once it was aware of the attack and closed off the unauthorized access. It also stated that it has notified the National Cyber Security Centre and the Information Commissioner's Office (ICO) of the breach. The firm has not given any details on the nature of the breach.

There is currently no evidence that the information accessed has been misused; however, the airline is urging its customers to stay alert to any unsolicited communications and to be “cautious of any communications purporting to come from easyJet or easyJet Holidays.”

Johan Lundgren, easyJet chief executive officer, said: “We take the cybersecurity of our systems very seriously and have robust security measures in place to protect our customers’ personal information. However, this is an evolving threat as cyber-attackers get ever more sophisticated.

“Since we became aware of the incident, it has become clear that owing to COVID-19 there is heightened concern about personal data being used for online scams. As a result, and on the recommendation of the ICO, we are contacting those customers whose travel information was accessed and we are advising them to be extra vigilant, particularly if they receive unsolicited communications.”

The incident has come a particularly bad time for easyJet, who face the possibility of a large fine under General Data Protection Regulation (GDPR) rules.

Commenting on the breach, Felix Rosbach, product manager at data security specialists comforte AG, said: “The aviation industry is struggling at present given the current pandemic so seeing another major airline succumb to a data breach is not pleasant. On first glance, easyJet has followed the correct procedures and informed all affected customers who have had their sensitive data compromised. However, this situation could have been avoided.”

Last year, British Airways (BA) was hit by a record £183m GDPR (intention to) fine after failing to prevent a digital skimming attack in 2018.

Related to This Story

What’s Hot on Infosecurity Magazine?

1
News

CISSP Qualification Given Cert Status Equivalent to Master’s Degree Level

2
News

REvil Ransomware Gang Threatens to Release Dirt on Trump

3
News

Police Catch Suspects Planning #COVID19 Hospital Ransomware

4
News

Texas Takes Second Ransomware Hit

5
News

Crypto-Miners Take Out Supercomputers Working on #COVID19

6
News

Norway's Wealth Fund Loses $10m in Data Breach

1
News

REvil to Auction Stolen Madonna Data

2
News

Minnesota Sees Surge in Sex Crimes Against Minors Online

3
News

New Program Trains Dallas Veterans for Cybersecurity Careers

4
News

NTT Report Demonstrates Changing Approaches of Cyber-Criminals

5
News

easyJet Says Details of Nine Million Customers Accessed in Data Breach

6
News

Trust in Data and Metrics Processes Cause Security Headaches for Financial Services

1
Webinar

Protecting your Organization Against Phishing Attacks

2
Webinar

Safeguarding Your Digital Transformation with Detection and Response

3
Webinar

Why Remediation Needs to be Part of Your Vulnerability Management Program

4
Webinar

#WFH and Network Security – Lessons Learned So Far

5
Webinar

Remotely Manage Secure File Transfers Amid COVID-19 and Beyond

6
Webinar

Advanced Protection Against Zero Day Threats and Malware

1
Opinion

We Don’t Need More Cybersecurity, We Need Better Cybersecurity

2
Blog

Why Data Centers Need Formal Data End-of-Life Processes

3
Interview

Interview: Debra Danielson, CTO and SVP of Engineering, Digital Guardian

4
News Feature

Meeting the Author of the #LoveBug - ‘Crime Dot Com’ Preview

5
Next-Gen

Interview: David Shrier, Oxford Cyber Future

6
Webinar

Why Remediation Needs to be Part of Your Vulnerability Management Program