Personal details of nine million customers accessed in easyJet cyber attack

21 May 2020

THE BOARD of budget airline easyJet has announced that the business recently suffered from a highly sophisticated cyber attack in which the e-mail addresses and travel details of approximately nine million customers were accessed. Credit card details belonging to 2,208 of those customers were also compromised during the episode.

Apparently, the business was aware of the cyber attack back in January, but was only able to notify the affected customers whose credit card details were compromised in April. The Luton-based company has also notified the Information Commissioner's Office (and discussed the matter with the Information Commissioner), as well as the National Cyber Security Centre (NCSC).

As soon as the business became aware of the attack, immediate steps were taken to respond to and manage the incident. Leading forensic experts were engaged to investigate the issue. Unauthorised access to customers' personal details has been closed off.

There is no evidence to suggest that any personal information of any nature has been misused. However, on the recommendation of the Information Commissioner's Office, the business is communicating with the nine million customers whose travel details were accessed to advise them of protective steps designed to minimise any risk of potential phishing. Customers should continue to be alert as they would normally be, and especially so should they receive any unsolicited communications. easyJet is also advising customers to be cautious of any communications purporting to emanate from easyJet or easyJet Holidays.

Chinese hackers

According to news agency Reuters, two sources close to the investigation said the hacking tools and techniques used in the January attack pointed to a group of suspected Chinese hackers that has targeted multiple airlines in recent months. A spokesperson for easyJet declined to comment on who might have been responsible for the attack, while Reuters could not determine on whose behalf the hackers may have been working.

Stolen credit card data apparently included the three-digit security code - known as the CVV number - on the back of the cards.

easyJet has not provided details about the nature of the attack or the motives behind it, but the post-incident investigation suggests that hackers were targeting company Intellectual Property rather than information that could be used in attempts at identity theft.

A statement on the easyJet website reads: “We take issues of security extremely seriously and continue to invest in order to further enhance our security environment. We're sorry that this has happened, and we would like to reassure customers that we take the safety and security of their information very seriously.”

Affected customers will be notified no later than Tuesday 26 May.

Robust security measures

easyJet CEO Johan Lundgren commented: “We have robust security measures in place to protect our customers' personal information. However, this is an evolving threat as cyber attackers become ever-more sophisticated. Since we became aware of the incident, it has become clear that, owing to COVID-19, there is heightened concern about personal data being used for online scams. Every business must continue to stay agile to stay ahead of the threat. We will continue to invest in protecting our customers, our systems and our data. We would like to apologise to all those customers who have been affected by this incident.”

The low-cost airline operates more than 1,000 domestic and international routes to more than 30 countries and has announced the re-opening of some routes from 15 June.

An NCSC spokesperson said: “We are aware of this incident and have been working with easyJet from the outset to understand how it has affected people in the UK. The NCSC would recommend anybody with accounts that could have been compromised to be especially vigilant against any unusual activity in their bank accounts or suspicious phone calls and e-mails asking them for further information. We would also recommend considering changing passwords for accounts that could have been affected. More information can be found on the NCSC website.”

Two-factor authentication is a free security feature that affords individuals an extra layer of protection online and can stop cyber criminals accessing accounts even if they have the password. If it is available, the NCSC suggests using it on all important accounts.