Nine Million EasyJet Customers Hacked

British budget airline EasyJet has said that nine million customer data, email addresses and travel details have been stolen and that 2,208 customers also had their credit card details hacked.

EasyJet say they first became aware of the attack in January. Stolen credit card data included the three digital security code, known as the CVV number, on the back of the card itself. It admitted that it has only gone public now in order to warn the nine million customers whose email addresses had been stolen to be wary of phishing attacks, saying that it will notify everyone affected by 26 May.

The airline did not provide details about the nature of the attack or the motives, but said its investigation suggested hackers were targeting "company intellectual property" rather than information that could be used in identity theft. 

"There is no evidence that any personal information of any nature has been misused, however, on the recommendation of the ICO, we are communicating with the approximately nine million customers whose travel details were accessed to advise them of protective steps to minimise any risk of potential phishing.....We are advising customers to be cautious of any communications purporting to come from EasyJet or EasyJet Holidays," the company said.

Phishing 
Phishing attempts, which see criminals sending emails with links to fake web pages that steal personal data, have risen exponentially during the coronavirus crisis. Google blocks over 100 million phishing emails daily to Gmail users.
Under GDPR (General Data Protection Regulation), if EasyJet is found to have mishandled customer data, it could face fines of up to 4% of its annual worldwide turnover.

Generally, personal details can be used by fraudsters to access bank accounts, open accounts and take out loans in the innocent victims' names, make fraudulent purchases, or sell on to other criminals. The risks to those whose card details have been compromised are clear. Their provider should already have stopped the card, a new one will be issued, and they will need to sort out any regular payments coming from that card.

Following a similar data breach at British Airways in 2018, some found this a frustrating and time-consuming task.
Millions of people whose email addresses and travel details have been accessed will need to change passwords, and be wary of any unexpected transactions.

Everyone else, particularly EasyJet customers whose details have not been affected, must be alert to other unsolicited emails and messages. 

Fraudsters will likely try to impersonate as EasyJet, banks, or the authorities and claim to be dealing with this latest breach to defraud customers. They are simply trying to steal personal details themselves. Keep a close eye on credit card bills for anything untoward. You should change any passwords on affected accounts – and also any others if you used the same password elsewhere.

If you get a call from your bank or card company saying it has noticed fraudulent transactions, be on your guard. End the call and then phone the bank or card company back to check it was legitimate. Also, don’t hand over any passcodes or passwords to anyone, whoever they claim to be.

VOA News:   BBC:       Guardian:     Metro

You Might Also Read: 

The BA Hack And How Not To Respond To A Cyber Attack:

Air Travel Needs Stronger Cyber Security:

 

 

 

 

« EU Parliament Suffers A Major Attack
Employees Lack Cyber Protection In Lockdown »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

FT Cyber Resilience Summit: Europe

FT Cyber Resilience Summit: Europe

27 November 2024 | In-Person & Digital | 22 Bishopsgate, London. Business leaders, Innovators & Experts address evolving cybersecurity risks.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Blue Solutions

Blue Solutions

Blue Solutions is a consultancy-led, accredited software distributor who provides IT solutions and support to small and medium enterprises.

A10 Networks

A10 Networks

A10 Networks is a leader in application networking, helping organizations of all sizes to accelerate, optimize and secure their applications.

Alert Logic

Alert Logic

Alert Logic delivers unrivaled security for any environment, delivering industry-leading managed detection and response (MDR) and web application firewall (WAF) solutions.

Cyberbit

Cyberbit

Cyberbit empowers cybersecurity teams to be fully prepared with a product portfolio ready to detect and respond effectively across both IT and OT networks.

Lynxspring

Lynxspring

Lynxspring provides edge-to-enterprise solutions and IoT technology for intelligent buildings, energy management, equipment control and specialty machine-to-machine applications.

Digital Innovation Hub Slovenia (DIH)

Digital Innovation Hub Slovenia (DIH)

DIH Slovenia is a central hub providing services to grow digital competencies in areas including robotics, IoT, cyberphysical systems and cybersecurity.

CyberArts

CyberArts

CyberArts is founded on the belief that every single organization deserves and requires the creme de la creme when there is a need for Cyber services.

Bridewell

Bridewell

Bridewell provide cost effective Security & Risk Assurance Services across Information Security, Cyber Security, Technology Risk, Security Testing and Data Privacy.

Fischer Identity

Fischer Identity

Fischer Identity provide identity & access management and identity governance administration solutions.

NexGenT

NexGenT

NexGenT have combined military-style training with decades of network engineering and cyber security experience into an immersive program to get people into cyber security fast and effectively.

OWN

OWN

OWN (formerly SEKOIA) is a major French player in cybersecurity providing tailor-made, informed and adapted cyber support thanks to its DNA of passionate and committed experts.

AirEye

AirEye

AirEye is a leader in Network Airspace Protection (NAP). Block attacks against your corporate network launched from wireless devices in your corporate network airspace.

Ministry of Electronics & Information Technology (MeitY)

Ministry of Electronics & Information Technology (MeitY)

The Ministry of Electronics & Information Technology is an executive agency responsible for IT policy, strategy and development of the electronics industry.

NetHope

NetHope

NetHope is a membership-based organization serving the international nonprofit humanitarian, development, and conservation sector through digital transformation.

5S Technologies

5S Technologies

5S Technologies is a regional IT solutions and services provider based in Cary, NC and serving the Carolinas.

USX Cyber

USX Cyber

USX Cyber was founded on the idea that small and medium businesses deserve and require the same level and sophistication of cyber protection as large enterprises.