Airline forced to apologise following the theft of 2,200 passengers credit card details.
EasyJet has just announced that the personal information of 9 million customers was accessed in what it has described as a “highly sophisticated” cyber-attack.
Announced just today, Tuesday, the airline explained that both email addresses & travel details were accessed, & it would therefore be contacting the affected customers asap.
9 Million People
The 9 million people touched by the theft were broken down. 2,208 had credit card details stolen, easyJet explained to the UK stock market. No passport details were allegedly taken.
Customers whose credit card details were taken have already been contacted, whilst the others affected will be contacted no later than May 26, the announcement continued.
EasyJet did not give out details immediately of exactly how this breach happened, & simply said it had “closed off this unauthorised access” & the incident has now been reported to the National Cyber Security Centre, & the Information Commissioner’s Office (ICO), the data regulator.
By numbers of people involved, this breach is one of the largest to affect any company ever in the UK and creates the unsettling possibility of easyJet having no choice but to pay a huge fine.
This, just when the Coronavirus pandemic has put the airline under the most severe financial pressure imaginable. Although a limited resumption is planned, all flights are currently grounded, with aircraft in storage all across the UK & overseas.
British Airways itself was fined £183m in July 2019 because hackers stole the personal information of ‘just’ 500,000 passengers. Also, last July, the international hotels group Marriott was fined £99.2m for a breach that exposed data from a total of 339 million customers worldwide.
The ICO has now recommended that easyJet must contact every person affected, because of an increased risk of ‘phishing fraud’, the airline explained.
ICO power to fine companies has increased under the EU’s ‘General Data Protection Regulation’.
EasyJet further commented ‘optimistically’ “there is no evidence that any personal information of any nature has been misused”.
CEO, Johan Lundgren, added “We would like to apologise to those customers who have been affected by this incident. Since we became aware of the incident, it has become clear that owing to Covid-19 there is heightened concern about personal data being used for online scams.
“As a result, and on the recommendation of the ICO, we are contacting those customers whose travel information was accessed & we are advising them to be extra vigilant, particularly if they receive unsolicited communications.”
The scale of breaches such as these are ‘breath-taking’, & clearly demonstrate that the one group of ‘workers’ not currently furloughed are the ‘hackers & scammers!’