UK budget airline EasyJet reported on Tuesday that hackers accessed the email addresses and travel details of more than 9 million customers in a “highly sophisticated” cyberattack. The hackers also accessed the credit card details of 2,208 customers.
The airline in the coming days will contact customers whose details were exposed in the breach. It has already contacted, and offered support to, those whose credit card information was accessed.
“We take the cyber security of our systems very seriously and have robust security measures in place to protect our customers’ personal information,” said EasyJet CEO Johan Lundgren in a statement. “However, this is an evolving threat as cyber attackers get ever more sophisticated. … We would like to apologise to those customers who have been affected by this incident.”
As soon as the airline became aware of the attack, it took steps to respond to and manage the incident and engaged forensic experts to investigate the issue, EasyJet said. It also notified the National Cyber Security Centre and the ICO, the UK’s data protection watchdog.
“We have a live investigation into the cyber attack involving easyJet,” said a spokeswoman for the ICO in a statement. “People have the right to expect that organisations will handle their personal information securely and responsibly. When that doesn’t happen, we will investigate and take robust action where necessary.”
The ICO will be able to examine whether EasyJet should be fined under Europe’s General Data Protection Regulation (GDPR), which is part of UK law.
The entirety of the 25-year-old airline’s fleet, which operates on international routes all over Europe, is grounded due to the COVID-19 pandemic, meaning the travel plans of many customers will likely be canceled. In spite of this, EasyJet said customers should be on the lookout for phishing scams and be cautious about any communications purporting to come from EasyJet or EasyJet Holidays.
Here’s how scammers are using the coronavirus to cash…