Nine Million EasyJet Customers Hacked

Uploaded on 2020-05-20 in TECHNOLOGY--Hackers, FREE TO VIEW, BUSINESS-Services-Transport & Travel

British budget airline EasyJet has said that nine million customer data, email addresses and travel details have been stolen and that 2,208 customers also had their credit card details hacked.

EasyJet say they first became aware of the attack in January. Stolen credit card data included the three digital security code, known as the CVV number, on the back of the card itself. It admitted that it has only gone public now in order to warn the nine million customers whose email addresses had been stolen to be wary of phishing attacks, saying that it will notify everyone affected by 26 May.

The airline did not provide details about the nature of the attack or the motives, but said its investigation suggested hackers were targeting "company intellectual property" rather than information that could be used in identity theft. 

"There is no evidence that any personal information of any nature has been misused, however, on the recommendation of the ICO, we are communicating with the approximately nine million customers whose travel details were accessed to advise them of protective steps to minimise any risk of potential phishing.....We are advising customers to be cautious of any communications purporting to come from EasyJet or EasyJet Holidays," the company said.

Phishing 
Phishing attempts, which see criminals sending emails with links to fake web pages that steal personal data, have risen exponentially during the coronavirus crisis. Google blocks over 100 million phishing emails daily to Gmail users.
Under GDPR (General Data Protection Regulation), if EasyJet is found to have mishandled customer data, it could face fines of up to 4% of its annual worldwide turnover.

Generally, personal details can be used by fraudsters to access bank accounts, open accounts and take out loans in the innocent victims' names, make fraudulent purchases, or sell on to other criminals. The risks to those whose card details have been compromised are clear. Their provider should already have stopped the card, a new one will be issued, and they will need to sort out any regular payments coming from that card.

Following a similar data breach at British Airways in 2018, some found this a frustrating and time-consuming task.
Millions of people whose email addresses and travel details have been accessed will need to change passwords, and be wary of any unexpected transactions.

Everyone else, particularly EasyJet customers whose details have not been affected, must be alert to other unsolicited emails and messages. 

Fraudsters will likely try to impersonate as EasyJet, banks, or the authorities and claim to be dealing with this latest breach to defraud customers. They are simply trying to steal personal details themselves. Keep a close eye on credit card bills for anything untoward. You should change any passwords on affected accounts – and also any others if you used the same password elsewhere.

If you get a call from your bank or card company saying it has noticed fraudulent transactions, be on your guard. End the call and then phone the bank or card company back to check it was legitimate. Also, don’t hand over any passcodes or passwords to anyone, whoever they claim to be.

VOA News:   BBC:       Guardian:     Metro

You Might Also Read: 

The BA Hack And How Not To Respond To A Cyber Attack:

Air Travel Needs Stronger Cyber Security:

 

 

 

 

« EU Parliament Suffers A Major Attack
Employees Lack Cyber Protection In Lockdown »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Webroot

Webroot

Webroot delivers next-generation endpoint security and threat intelligence services to protect businesses and individuals around the globe.

Crossmatch

Crossmatch

Crossmatch is a world leader in risk-based composite authentication and biometric identity management.

Ethoca

Ethoca

Ethoca is a secure network for card issuers and merchants to connect and work cooperatively outside the payment network in a unique and powerful way.

ThreatMark

ThreatMark

ThreatMark provides fraud detection solutions for digital banking and payments.

SoftLock

SoftLock

Softlock is a regional leader in Information Security providing solutions, consulting, integration and testing services to protect information assets, identities and supporting infrastructure.

th4ts3cur1ty.company

th4ts3cur1ty.company

th4ts3cur1ty.company specialize in delivering intelligence lead adversary emulation purple teaming & the bespoke building of Security Operation Centers.

GreenWorld Technologies

GreenWorld Technologies

GreenWorld has a proven track record in industry leading IT asset management, secure data destruction and remarketing.

Kindus

Kindus

Kindus is an IT security, assurance and cyber security risk management consultancy.

SecureLogix

SecureLogix

SecureLogix deliver a unified voice network security and call verification solution. Protect against call attacks & fraud.

Cyphere

Cyphere

Cyphere is a cyber security company that helps to secure most prized assets of a business. We provide technical risk assessment (pen testing/ethical hacking) and managed security services.

RedHunt Labs

RedHunt Labs

RedHunt Labs is a premier Cybersecurity Solutions provider, offering Attack Surface Management solution 'NVADR' and Penetration Testing services.

PCS Security (PCSS)

PCS Security (PCSS)

PCS Security provides secure, reliable and state-of-the-art security solutions to help our customers address their security concerns.

IDECSI

IDECSI

IDECSI delivers cutting-edge technology and engages all employees in the security system for effective and cost-efficient data protection.

G-71

G-71

G-71 LeaksID is a cutting-edge ITM technology aimed at safeguarding sensitive documents from insider threats.

ZainTech

ZainTech

Zaintech is a regional digital & ICT solutions provider offering comprehensive digital solutions and services to enterprise and government customers in the MENA region.

EPAM Systems

EPAM Systems

Since 1993, EPAM Systems has leveraged its advanced software engineering heritage to become a leading global digital transformation services provider.