Low-cost British airline group easyJet has been “the target of an attack from a highly sophisticated source,” according to a statement released by the company. A forensic investigation found that details of approximately 9 million customers were accessed, along with credit card details of 2,208 customers. The customer details stolen include the name, email address, origin and destination airports, and departure date, but passport data has not been stolen, says the company.
The airline has engaged forensic experts to investigate the issue and notified the National Cyber Security Centre as well as the UK’s Information Commissioner’s Office (ICO). It is also in the process of contacting all the affected customers, and claims there is “no evidence that any personal information of any nature, including credit card data, has been misused.”
Boris Cipot, Senior Security Engineer, Synopsys Software Integrity Group, commenting on the breach, said: “While easyJet has reported that there’s no evidence that the accessed data has been misused, no one can be certain that the data won’t be misused in the future. easyJet has notified all affected customers about the breach and I would urge these customers to call their bank and credit card companies to find out what the next steps are to ensure their accounts are secure. This may require the cancellation and replacement of affected cards. Affected account passwords should also be changed immediately.”
The breach began in April this year, when easyJet notified a small group of customers whose credit card details had been impacted, and set up a dedicated helpline and monitoring service for them. Following discussions with the ICO, with which it has been working closely, it is now notifying other customers impacted by this incident.
The airline has warned of an increase in phishing attacks since the outbreak of COVID-19, and asked its customers “to be cautious of any communications claiming to be from easyJet or easyJet holidays.”
easyJet Chief Executive Officer Johan Lundgren said: “We take the cyber security of our systems very seriously and have robust security measures in place to protect our customers’ personal information. However, this is an evolving threat as cyber attackers get ever more sophisticated. Every business must continue to stay agile to stay ahead of the threat. We will continue to invest in protecting our customers, our systems, and our data.”
“We would like to apologise to those customers who have been affected by this incident,” he said in a statement to the London Stock Exchange.
Prash Somaiya, Technical Program Manager, HackerOne, commented: “So many organisations and businesses are facing threats to their very existence at the moment that cyber threats almost pale into significance compared to the other challenge. However, cybercriminals will take advantage of anyone taking their eye off the ball and will be targeting industries and companies they think are struggling, knowing that budgets will be cut and focus will be elsewhere.”