EasyJet Cyber Attack: Nine million customers hacked

Budget airline, EasyJet targeted by cyber criminal in sophisticated cyber attack.

Hackers have accessed the personal details of nine million easyJet customers.

According to Sky News, email addresses and travel details of nine million people were exposed along with the credit card details of just over 2,200 customers.

The airline said it will contact everybody affected in the next few days. It said, customers whose credit card details were taken have already been contacted and stressed there was no evidence that the data has been misused.

Other than the those that had their credit card details the passport and credit card details of the balance were not accessed and it had closed the online channels affected by the attack.

Experts commented on the news and suggest that confidence in airlines is at an all-time low.

Mike Fenton, Redscan CEO – the UK-based ethical hacking and threat detection firm said:

“These are already turbulent times for all companies within the aviation industry but the situation has just got significantly worse for Easy Jet. To add to the company’s woes, it is now has to explain how the personal records of 9 million customers were able to be accessed. The ICO will be amongst the interested parties keen to know whether the company had appropriate protections in place to safeguard it.

“When it comes to cyber security, the airline industry doesn’t have a great record. The British Airways breach in 2018 should have been a wake-up call and passenger confidence is likely to be at an all-time low after this.”

Mimecast‘s Head of threat intelligence analysis, Phillip Hay commented:

“Organisations continue to struggle with data breaches such as this one and they have massive implications for large organisations. Firstly, there is the financial impact as a result of fines. But secondly, and probably more importantly, is the reputational impact that breaches cause. Consumers trust the organisations they do business with to protect and safeguard their data. Any organisation that fails to do so will break this trust and is likely to lose business as a result.

To properly protect data, security teams within an organisation must assess their database security and always follow best practise. Database misconfiguration is often overlooked and so it’s crucial that IT teams understand their environment and know where the data is being stored so that they are able identify any vulnerabilities quickly and easily and issue a patch update where required. It is also advisable that organisation carry out pen testing so that they are able to identify any flags quickly. It is also important to ensure staff are trained correctly so that they can be aware of basic data security principles.

The importance of correctly securing data cannot be underestimated. You only need to look at organisations who have suffered from large-scale breaches previously to see the reputational impact that they have suffered.”


Registration now OPEN for PrivSec Global
Taking place across four days from 30 Nov to 3 Dec, PrivSec Global, will be the largest data protection, privacy and security event of 2020.

Reserve your place before 2nd October, and receive VIP access to PrivSec Global which includes priority access to limited space sessions, workshops, networking opportunities and exclusive content.

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.