EasyJet hacked: 9 million customers’ details stolen in ‘sophisticated cyberattack’
Credit card details of more than 2,000 customers exposed
Your support helps us to tell the story
From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.
At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.
The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.
Your support makes all the difference.Airline easyJet said the details of nine million customers have been “accessed” by hackers in a major cyberattack.
The Luton-based carrier said the figure includes 2,208 customers who had their credit card details exposed but there is no evidence that the data has been “misused”.
“There is no evidence that any personal information of any nature has been misused, however ... we are communicating with the approximately nine million customers whose travel details were accessed to advise them of protective steps to minimise any risk of potential phishing,” the airline said in a statement.
“We’re sorry that this has happened, and we would like to reassure customers that we take the safety and security of their information very seriously.
“EasyJet is in the process of contacting the relevant customers directly and affected customers will be notified no later than 26 May.”
The airline added that it is working with the Information Commissioner’s Office (ICO) and National Cyber Security Centre to get to the bottom of the attack.
Those whose credit card details were accessed should already have been contacted by the airline, while anyone else affected will be contacted within a week.
In the meantime, easyJet is advising customers to be “extra vigilant, particularly if they receive unsolicited communications” in case the hackers use the stolen details for phishing scams.
CEO Johan Lundgren added that easyJet, like other businesses, must “stay agile to stay ahead of the threat”.
He said: “Since we became aware of the incident, it has become clear that owing to Covid-19 there is heightened concern about personal data being used for online scams.”
Ryan Gracey, solicitor and technology law specialist at law firm Gordons, called the attack “significant”.
“The General Data Protection Regulation makes it clear that organisations must be accountable for the personal data they hold,” he said. “This includes ensuring proper technical and organisational measures are in place to protect personal data against unauthorised or unlawful access and disclosure.
“Aside from reputational damage, EU regulators have the power to issue significant fines for those firms who have their data breached.”
Ray Walsh, digital privacy expert at ProPrivacy.com, advised all easyJet customers to be cautious.
“Anybody who has ever purchased an easyJet flight is advised to be extremely wary when opening emails from now on,” he said. “Phishing emails that leverage data stolen during the attack could be used as an attack vector at any point in the future. As a result, it is important for consumers to be vigilant whenever they receive unsolicited emails or emails that appear to be from easyJet, as these could be fake emails that link to cloned websites designed to steal your data.”
He recommended updating the password for any easyJet accounts, plus updating the passwords on any other accounts that use the same password.
EasyJet flights have largely been grounded since the coronavirus pandemic resulted in travel restrictions being imposed around the globe.
It’s not the first time an airline has suffered a serious cyber attack. In 2018, British Airways had the credit card details of hundreds of thousands of its customers stolen by hackers, prompting a record £183m fine, while Delta and Cathay Pacific were both targeted the same year.
Join our commenting forum
Join thought-provoking conversations, follow other Independent readers and see their replies
Comments