easyJet has recently revealed that almost 9 million of its customers have had their personal data accessed following a “highly sophisticated” cyber-attack on its system. The mentioned personal data includes credit card details of 2208 of these customers. The airline has confirmed that they have already taken action to contact those individuals and offer support.
For the remaining affected customers, it was there email addresses and travel details that were accessed. easyJet said that these customers should expect to receive contact over the next few days and that the company will “advise them of protective steps to minimize any risk of potential phishing.”
The company instantly took steps to manage the incident as soon as they were aware of the attack and closed off any unauthorised access. It also stated that it has notified the National Cyber Security Centre and the Information Commissioner’s Office (ICO) of the breach. The firm has not shared details regarding the nature of the breach.
At the moment, there appears to be no evidence that the access information has been misused. However, the airline is urging customers to be watchful of any unsolicited communications and to be “cautious of any communications purporting to come from easyJet or easyJet Holidays.”
Johan Lundgren, easyJet chief executive officer, said: “We take the cybersecurity of our systems very seriously and have robust security measures in place to protect our customers’ personal information. However, this is an evolving threat as cyber-attackers get ever more sophisticated.
“Since we became aware of the incident, it has become clear that owing to COVID-19 there is heightened concern about personal data being used for online scams. As a result, and on the recommendation of the ICO, we are contacting those customers whose travel information was accessed and we are advising them to be extra vigilant, particularly if they receive unsolicited communications.”
The incident has come at a troubling time for easyJet, who currently face the possibility of a large fine under the rules of GDPR.
Commenting on the breach, Felix Rosbach, product manager at data security specialists comforte AG, said: “The aviation industry is struggling at present given the current pandemic so seeing another major airline succumb to a data breach is not pleasant. On first glance, easyJet has followed the correct procedures and informed all affected customers who have had their sensitive data compromised. However, this situation could have been avoided.”