British Airline EasyJet Breached Customer Data, Credit Cards Accessed
British airline EasyJet announced that the company suffered a data breach. The company stated that nine million customers are impacted by the security incident. A subset had payment card information accessed by hackers. Some customers were already notified of the EasyJet data breach while others will be notified by May 26,
According to a BBC post, the airline first became aware of the attack in January. The EasyJet data breach announcement did not state how the attack happened or when it was discovered. It also did not disclose how long the hackers had access to the customer data. It is common to find that more da was compromised than originally suspected as cyber forensic investigators work on their investigation. Access to the data has since been closed off.
According to the announcement, the email address and travel details of about 9 million EasyJet customers were compromised. Payment cards for 2,208 people were accessed by hackers. EasyJet will be contacting those with stolen payment cards.
EasyJet Chief Executive Officer Johan Lundgren said, “We take the cyber security of our systems very seriously and have robust security measures in place to protect our customers’ personal information. However, this is an evolving threat as cyber attackers get ever more sophisticated.”
No passport information was hacked.
RELATED READ: Delta Airlines Hit by Customer Data Breach
What is EasyJet?
EasyJet plc is a budget airline headquartered in the United Kingdom. The airline is headquartered at London Luton Airport and operates over 1,000 routes in more than 30 countries
In September 2018, British Airways suffered a data breach. In that incident the data of over 500,000 customers was stolen. British Airways was fined £183M by the ICO for the data breach. If EasyJet mishandled customer data, the company could pay fines of up to up to €20 million or 4 percent of its annual worldwide turnover under GDPR.
EasyJet Data Breach – What Should I Do?
EasyJet will notify customers who had credit card numbers stolen by May 26. This affects a small subset of the nine million people who had their emails stolen in the cyber attack. Approximately nine million EasyJet customers had their email and travel details stole. Hackers user information like this for social engineering and to launch future email phishing campaigns.
Stolen personal data, like emails and passwords, can be used in online scams. Customers who are impacted by the EasyJet data breach should be vigilant for email phishing scams and password attacks. Phishing email may come in the form of unsolicited emails including those with seemingly harmless email attachments, directions to visit websites, to send money, or even as extortion scams. When work related emails addresses are phished, they often include direction to pay fraudulent emails by wiring money to bank accounts the hacker controls.
- Be wary of any unsolicited emails – Even if it seems like a familiar name or request, place a phone call the verify the contents and the sender
- Phishing – Phishing email use information stolen in data breaches. These emails may request payment for an invoice, urge readers to click on a link for supposedly important information, or threaten the recipients.
- Passwords – May people reuse the same password across multiple inline accounts. Hackers will use brute force and password spraying attacks to break int stolen email and access any account tied to it. Change your passwords. Use a unique password for all online accounts. If you cannot remember a hard to guess password for each account, the use a password manager to help you.
- Credit Reports – Those who were impacted by the EasyJet data breach should monitor their credit reports. Everyone is entitled to a free credit report from the three major credit reporting bureaus each year. But credit monitoring can notify you of suspicious activity including new lines of credit or increased credit lines immediately.