Low-cost airline company EasyJet has announced that it recently suffered a cyber attack that compromised the personal information of over 9 million customers, including credit card numbers of 2,208 flyers.
The airline company announced earlier today that that sophisticated cyber attack compromised personal details of travellers such as email addresses, credit card details, and travel information. EasyJet said it has already contacted over two thousand customers, whose credit card details were accessed, to warn them about phishing scams.
“There is no evidence that any personal information of any nature has been misused. However, we are communicating with the approximately 9m customers whose travel details were accessed to advise them of protective steps to minimise any risk of potential phishing,” the company said this morning.
“Since we became aware of the incident, it has become clear that owing to Covid-19 there is heightened concern about personal data being used for online scams. As a result, and on the recommendation of the ICO, we are contacting those customers whose travel information was accessed and we are advising them to be extra vigilant, particularly if they receive unsolicited communications,” said Johan Lundgren, CEO of EasyJet.
The company also revealed that it has succeeded in closing off the unauthorised access and has informed the Information Commissioner's Office as well as the National Cyber Security Centre about the security incident.
“We take issues of security extremely seriously and continue to invest to further enhance our security environment. EasyJet is in the process of contacting the relevant customers directly and affected customers will be notified no later than the 26th of May,” it said.
Personal details of EasyJet customers will be used in new phishing campaigns
In an advice to affected EasyJet customers, Boris Cipot, senior security engineer at Synopsys, said:
“EasyJet has notified all affected customers about the breach and I would urge these customers to call their bank and credit card companies to find out what the next steps are to ensure their accounts are secure. This may require the cancellation and replacement of affected cards. Affected account passwords should also be changed immediately.
“As there are many services that use your name, address and a credit card number as proof of identification, be on the lookout for attempts at identity theft. Talk to your bank/credit card company to see if they can give you a list of all the occasions when attempts were made to use your credit card,” he said, adding that changing passwords frequently and using different passwords for different accounts will also prevent account compromise.
According to Brian Higgins, a security specialist at Comparitech.com, attacks like this have enormous, knock-on effects for the victims. Once the attack is made public, criminal organisations will immediately seek to take full advantage of the fear and uncertainty the 9 million customers of EasyJet are currently feeling and begin campaigns to exploit them.
“They will email, call on the telephone and make contact via social media channels. In fact they will use any and all methods to make contact, pretend to be EasyJet and use that fear and uncertainty to make people reveal more of their personal information, login credentials and bank details in order to commit more crime.
“Any and all unsolicited contact from EasyJet should be ignored, however difficult that may be. You should also check their official website or contact the Office of the Information Commissioner for advice. Never engage with any other offers of help. They will almost certainly cause you more harm. This is the golden hour for cybercriminals. EasyJet customers have one line of defence right now. Ignore them,” he added.