EasyJet Experienced Data Breach Affecting More Than 9 Million Of Its Customers

21/05/2020

EasyJet, which is one of UK’s largest airline companies, experienced a data breach where hackers managed to get their hands on email addresses and travel details of its 9 million customers.

The company that operates domestic and international scheduled services on over 1,000 routes in more than 30 countries via its affiliate airlines, said that 2,200 of its customers also had their credit card details accessed in the data breach. Fortunately, passport records were not accessed, a company statement said.

EasyJet did not say when the “highly sophisticated actor” managed to hack its servers or when had it happened.

The company however, said that it referred the incident to the Information Commissioner’s Office, the UK’s data protection agency.

This is because companies are given 72 hours to inform regulators of a security incident under European data protection rules.

EasyJet

In a statement, CEO of EasyJet Johan Lundgren said that:

"We take the cyber security of our systems very seriously and have robust security measures in place to protect our customers' personal information. However, this is an evolving threat as cyber attackers get ever more sophisticated."

"Since we became aware of the incident, it has become clear that owing to COVID-19 there is heightened concern about personal data being used for online scams. As a result, and on the recommendation of the ICO, we are contacting those customers whose travel information was accessed and we are advising them to be extra vigilant, particularly if they receive unsolicited communications."

"Every business must continue to stay agile to stay ahead of the threat. We will continue to invest in protecting our customers, our systems, and our data."

"We would like to apologise to those customers who have been affected by this incident."

Besides informing the Information Commissioner’s Office, EasyJet has also notified UK’s National Cyber Security Centre, once it became aware of the breach.

EasyJet said that it would also notify all customers who had their credit card numbers stolen by May 26, and advised all of its customers to be wary of malicious emails that might use stolen travel information to try to steal even more data.

Lundgren also pointed to the 'COVID-19' coronavirus pandemic as a catalyst for hackers targeting personal information at a greater rate.

EasyJet is just like most other companies in the world, as it has been hit hard by the coronavirus pandemic.

And just like others in the aviation industry, the airline company sees far less travelers because people are forced to remain indoors and practice social distancing by governments' rules,

Prior to the pandemic, EasyJet carried more than 28 million passengers in 2019, and was considered as UK’s biggest airline carrier. But during the pandemic, the company was one of the first to ask the UK government for a bailout to prevent financial collapse.

And with this data breach, the budget airline which has grounded most if not all of its fleets due to the COVID-19 pandemic and is locked in a battle with its founder and biggest shareholder, could face a hefty fine.