Budget airline operator, easyJet has confirmed that it has suffered a major cyber attack.
The company has revealed that the email and travel details of around 9 million customers have been accessed by hackers. Furthermore, the credit card details of more than 2,000 customers have also been compromised in what was described as a “highly sophisticated” attack.
In a statement, the company said: “There is no evidence that any personal information of any nature has been misused.”
The firm did not immediately give details of how the breach occurred, but said it had “closed off this unauthorised access” and reported the incident to the National Cyber Security Centre and the Information Commissioner’s Office (ICO), the data regulator.
Speaking exclusively to International Security Journal, Andy Watkin-Child CSyP, a Chartered Cybersecurity Professional and Global CISO commented: “At the moment we are speculating about what has happened but reports from the BBC say that the company was first aware of the incident back in January 2020. This raises the question as to why it took easyJet four months to go public and inform its clients? There is little information available on the attack other than a warning to easyjet customers to be vigilant and watch for potential frauds, which is sound advice. Anyone with an easyJet account should change their passwords as a precaution.”
He concluded: “I’d also recommend that anyone who may have been affected ensure that they change the passwords of any other accounts they may use; which use the same credentials as those they used for their easyJet accounts. Hackers are using a technique called ‘Credential Stuffing’, where they use automated systems and stolen user credentials to try and access other accounts on the chance that they are successful.”
With British Airways having suffered a similar data breach recently, it is certainly time for all airlines to take their cybersecurity much more seriously.