EasyJet hit by major cyber attack affecting 9 million customers

No comments

Credit card details of 2,208 people have been stolen

British low cost airline easyJet has been hit by a major cyber-attack.

Approximately 9 million people had their travel details and email addresses accessed. Out of this figure 2,208 had their credit card details stolen, and easyJet has already taken action to contact these customers to offer support. The rest will be contacted directly over the next few days if affected, by the 26 May.

The airline became aware of the attack, thought to be conducted by Chinese hackers, in January, but was only able to notify affected customers last month.

The board of easyJet announced that it had been the target of an attack from a “highly sophisticated” source.

The airline took immediate action to respond ad engaged with forensic experts to investigate further.

In a statement, easyJet added that there is no evidence that any personal information of any nature had been misused.

The airline has notified the information Commissioners Office (ICO), the data regulator and the National Cyber Security Centre. As well as closing of unauthorised access.

The ICO has recommended easyJet contact all those affected due to an increased risk of phishing fraud during the pandemic.

Ever more sophisticated

Johan Lundgren, chief executive at easyJet said: “We take the cyber security of our systems very seriously and have robust security measures in place to protect our customers’ personal information. However, this is an evolving threat as cyber attackers get ever more sophisticated.

“Since we became aware of the incident, it has become clear that owing to Covid-19 there is heightened concern about personal data being used for online scams. As a result, and on the recommendation of the ICO, we are contacting those customers whose travel information was accessed and we are advising them to be extra vigilant, particularly if they receive unsolicited communications.

“Every business must continue to stay agile to stay ahead of the threat. We will continue to invest in protecting our customers, our systems, and our data.

“We would like to apologise to those customers who have been affected by this incident.”