Friday, October 23, 2020

Hackers accessed 9 million EasyJet customer’s details

-

EasyJet has admitted that a “highly sophisticated cyber-attack” has affected approximately nine million customers.

It said email addresses and travel details had been stolen and that 2,208 customers had also had their credit card details “accessed”.

The firm has informed the UK’s Information Commissioner’s Office while it investigates the breach.

The BBC understands that it first became aware of the attack in January.

- Advertisement -

It told the BBC that it was only able to notify customers whose credit card details were stolen in early April.

It added that it had gone public now in order to warn the nine million customers whose email addresses had been stolen to be wary of phishing attacks.

In a statement it said: “We take issues of security extremely seriously and continue to invest to further enhance our security environment.

“There is no evidence that any personal information of any nature has been misused, however, on the recommendation of the ICO, we are communicating with the approximately nine million customers whose travel details were accessed to advise them of protective steps to minimise any risk of potential phishing.”

Phishing warning

- Advertisement -

“We are advising customers to be cautious of any communications purporting to come from EasyJet or EasyJet Holidays.”

Phishing attempts – which see criminals sending emails with links to fake web pages that steal personal data – have risen exponentially during the coronavirus crisis.

Google is blocking more than 100 million phishing emails every day to gmail users.

It is likely that hackers will take advantage of the fact people are cancelling flights because of the uncertainty related to the spread of Covid-19, says Ray Walsh, a digital privacy expert at ProPrivacy.

“Anybody who has ever purchased an EasyJet flight is advised to be extremely wary when opening emails from now on,” he said.

“Phishing emails that leverage data stolen during the attack could be used as an attack vector at any point in the future.

“As a result, it is important for customers to be vigilant whenever they receive unsolicited emails or emails that appear to be from EasyJet, as these could be fake emails which link to cloned websites designed to steal your data.”

‘Turbulent times’

The coronavirus pandemic has meant an end to much global travel, leaving airlines struggling financially.

“These are already turbulent times for all companies within the aviation industry but the situation has just got significantly worse for EasyJet,” said Mike Fenton, chief executive of threat detection firm Redscan.

“To add to the company’s woes, it now has to explain how the personal records of nine million customers were able to be accessed.

“When it comes to cyber security, the airline industry doesn’t have a great record. The British Airways breach in 2018 should have been a wake-up call and passenger confidence is likely to be at an all-time low after this.”

British Airways announced that the personal details of more than half a million of its customers had been harvested by hackers in September 2018.

- Advertisement -

Initially, it said that only 380,000 transactions were affected and that the data did not include travel or passport details.

The ICO later issued a record £183m fine over the breach.

Millions of EasyJet customers’ details of some sort or another have been accessed by hackers – but even more, people now need to be vigilant.

Generally, personal details can be used by fraudsters to access bank accounts, open accounts and take out loans in the innocent victims’ names, make fraudulent purchases, or sell on to other criminals.

The risks to those whose card details have been compromised are clear. Their provider should already have stopped the card, a new one will be issued, and they will need to sort out any regular payments coming from that card.

Following a similar data breach at British Airways in 2018, some found this a frustrating and time-consuming task.

Millions of people whose email addresses and travel details have been accessed will need to change passwords, and be wary of any unexpected transactions.

Everyone else, particularly EasyJet customers whose details have not been affected, must be alert to other unsolicited emails and messages.

Fraudsters will no doubt pose as EasyJet, banks, or the authorities and claim to be dealing with this latest breach. They are simply trying to steal personal details themselves.

Original articles on BBC

MUST READ

Goldman Sachs executives to cover part payments of $3 billion fines in 1MDB scandal

Nine current or former Goldman Sachs executives, including CEO David Solomon, will have to pay back hundreds of millions of dollars in compensation over...

Goldman Sachs agrees $3 billion settlement with US DoJ over 1MDB corruption scandal

Goldman Sachs has agreed to pay nearly $3bn (£2.3bn) in the US to end a probe of its role in Malaysia's 1MDB corruption scandal. The...

Hong Kong fines Goldman Sachs $350 million over 1MDB scandal

Goldman Sachs ignored multiple red flags over the multibillion-dollar fundraisings it arranged for state fund 1Malaysia Development Berhad, Hong Kong’s financial regulator said on...

Texas attorney general Ken Paxton fires top aide who accused him of bribery

Lacey Mase, one of the top aides who accused Texas Attorney General Ken Paxton of crimes including bribery and abuse of office, has been fired, she told The...

Fundraiser Elliott Broidy pleads guilty in foreign agent case linked to 1MDB

Major Republican Party and Trump fundraiser Elliott Broidy pleaded guilty Tuesday to acting as an unregistered foreign agent, admitting to accepting millions...
Advertisement
Advertisement

Latest News

This Week

Former Blue Bell Creameries CEO indicted for fraud linked to 2015 listeria outbreak

The former president and CEO of Blue Bell Creameries L.P., a Texas ice cream company, was indicted Tuesday on wire fraud charges in connection with a scheme...

Mozambique seeks prosecution of ex-Credit Suisse bankers implicated in debt scandal

Mozambique's Attorney General's Office said on Wednesday it will seek the extradition of three former Credit Suisse CSGN.S bankers implicated in a $2 billion debt scandal...

US financial watchdog fines bitcoin mixer operator $60m for money laundering

The founder and operator of some of the first "mixing" services in crypto will have to cough up $60 million to United States regulators,...

Australian court approves $920 million Westpac money laundering fine

The Federal Court of Australia has agreed on the deal struck between the Australian Transaction Reports and Analysis Centre (AUSTRAC) and Westpac, ordering the Australian...
Advertisement

Adblock Detected!

Our website is made possible by displaying online advertisements to our visitors. Please consider supporting us by whitelisting our website.

Enable Notifications    Ok No thanks