Easyjet hacked: data of 9 million customers leaked, including credit card details
EasyJet has admitted that a “highly sophisticated cyber-attack” has affected approximately nine million customers.
It said email addresses and travel details had been stolen and that 2,208 customers had also had their credit card details “accessed”.
The firm has informed the UK’s Information Commissioner’s Office while it investigates the breach.
EasyJet first became aware of the attack in January. It told the BBC that it was only able to notify customers whose credit card details were stolen in early April.
It added that it had gone public now in order to warn the nine million customers whose email addresses had been stolen to be wary of phishing attacks.
It said that it would notify everyone affected by 26 May.
“We take issues of security extremely seriously and continue to invest to further enhance our security environment,” it said in a statement.
“There is no evidence that any personal information of any nature has been misused, however, on the recommendation of the ICO, we are communicating with the approximately nine million customers whose travel details were accessed to advise them of protective steps to minimise any risk of potential phishing.
“We are advising customers to be cautious of any communications purporting to come from EasyJet or EasyJet Holidays.”
In response to the breach, the ICO said that it was investigating.
“People have a right to expect that organisations will handle their personal information securely and responsibly. When that doesn’t happen, we will investigate and take robust action where necessary.”
Ray Walsh, digital privacy expert at ProPrivacy.com, advises all easyJet customers to be cautious.
“Anybody who has ever purchased an easyJet flight is advised to be extremely wary when opening emails from now on,” he says. ”Phishing emails that leverage data stolen during the attack could be used as an attack vector at any point in the future. As a result, it is important for consumers to be vigilant whenever they receive unsolicited emails or emails that appear to be from easyJet, as these could be fake emails that link to cloned websites designed to steal your data.”
He recommends updating the password for any easyJet accounts, plus updating the passwords on any other accounts that use the same password.
EasyJet flights have largely been grounded since the coronavirus pandemic resulted in travel restrictions being imposed around the globe.
19.05.2020 at 16:00
Travel news