EasyJet hit with massive cyber attack

Leading airline hit with a ‘highly sophisticated’ cyber attack, which is reported to have affected the personal data of around nine million of its customers

by Patrick Sullivan, Political Editor on 19 May 2020 16:21


EasyJet has admitted that a "highly sophisticated cyber-attack" has affected approximately nine million customers, in a major security breach. The company has admitted that email addresses and travel details had been stolen and that 2,208 customers had also had their credit card details accessed as part of the fraud.

EasyJet has informed the UK's Information Commissioner's Office while it investigates the breach. The company claims it had not gone public so it could warn the nine million customers whose email addresses had been stolen to be wary of phishing attacks.

In a statement, EasyJet said, "We take issues of security extremely seriously and continue to invest to further enhance our security environment."

"There is no evidence that any personal information of any nature has been misused, however, on the recommendation of the ICO, we are communicating with the approximately nine million customers whose travel details were accessed to advise them of protective steps to minimise any risk of potential phishing.

"We are advising customers to be cautious of any communications purporting to come from EasyJet or EasyJet Holidays."

In response to the breach, the ICO said that it had launched an investigation.

Cyber chief Andy Heather, VP EMEA, Centrify said, “These uncertain times have given rise to a new cadence of cyber attacks facing organisations, and hackers are increasingly targeting vital industries which may have become more vulnerable due to COVID-19. Unfortunately, new remote working conditions combined with IT and security budget constraints have meant organisations are facing unprecedented levels of cyber attacks.

“The EasyJet data breach means millions of customers’ passwords and email addresses have been leaked, and therefore it is of the utmost importance that these customers change their log-in credentials for all platforms which also utilise these passwords. Moving forward, it is also essential that multi-factor authentication steps are implemented on all personal and professional devices and accounts, and organisations must implement privileged access management security protocols so that hackers are stopped in their tracks. It’s worth remembering that it’s no longer ‘business as usual’ for organisations across the world, but for cyber criminals it’s just another day in the office.”

Meanwhile Andy Harcup, VP Sales for Absolute Software, added, “Cyber criminals are opportunistic and immoral, and have increasingly targeted large, small and medium-sized organisations with a plethora of sophisticated scams, malware, phishing and hacking attacks, hoping to capitalise on their weakened state as a result of COVID-19.

“Unfortunately, the influx of remote working and abundance of new, as well as personal, devices which are now being used for work, has expanded cyber attackers’ windows of opportunity – providing them with a much larger range of devices and untrained remote workers to target.

“Ensuring an attack of this scale does not happen again requires a concerted effort across all operations of an organisation. This starts with implementing comprehensive and resilient endpoint security which enables IT managers to remotely secure or disable any potentially corrupted devices from the safety of their own home.”

Additionally, Tim Sadler, CEO, Tessian warned, “EasyJet customers are now at greater risk of phishing scams following this cyberattack, and people need to be wary of emails they receive purporting to come from the airline company. Always check the sender name and email address match up and if you're being asked to carry out an urgent action, verify the legitimacy of the request by contacting EasyJet directly using details on their website.

"Unfortunately, it was only a matter of time before a cyber attack of this scale crippled a large organisation, and the attack should act as a warning to all organisations that no one is safe from a severe breach of data. Cybercriminals have not missed a trick to capitalize on the COVID-19 crisis, and we've seen a huge increase in the number of cyber attacks and scams during this time.

"The travel industry especially has been severely impacted by COVID-19, and there’s no telling how much more damaging this cyber breach will be to EasyJet's future. Moving forward, organisations should prioritise security protocols, implement sophisticated protection software, and ensure all employees are aware of security best practices, and carrying them out at all times.”
