Following news of a data breach at EasyJet in which data relating to nine million EasyJet customers was accessed, one cybersecurity expert has warned of possible phishing emails as cybercriminals may purport to be from EasyJet enticing customers to hand over further detail
EasyJet revealed the data breach today, saying email addresses and travel details were accessed. It said that it would contact the customers affected.
Jake Moore, cybersecurity specialist at ESET, told PrivSec Report that “the biggest problem for EasyJet now is to get this information out to all their customers and make them safe.
“When the security notification first pops up, the procrastinators will forget about it and think it won’t happen to them. However, when something like this occurs, the truth is that money can be stolen and large amounts too.
“For those people who have fallen victim to this attack, it would be a good idea to use the card monitoring service offered or better still, cancel the card that was used. Once card information like this is stolen, it’s a race against time for the criminals to start using it before the owner is notified and cancels it. Much of which is sold on the dark web with higher prices closest to when the breach occurred.
“Although minimal personal information was stolen, this does highlight the need for extra vigilance among the rapid increase of inevitable phishing emails. Many cybercriminals will now jump into the wake of the initial attack and purport to be from EasyJet enticing customers to hand over further details such as passwords or other personal data. It is vital that people are aware of how scammers target people. These emails can look increasingly convincing.”
Johan Lundgren, Chief Executive of EastJet said: “We would like to apologise to those customers who have been affected by this incident. Since we became aware of the incident, it has become clear that owing to Covid-19 there is heightened concern about personal data being used for online scams.
“As a result, and on the recommendation of the ICO, we are contacting those customers whose travel information was accessed and we are advising them to be extra vigilant, particularly if they receive unsolicited communications.”
Join our free-to-attend digital event, Last Thursday in Privacy, addressing data protection, privacy and security challenges including working from home, COVID-19, global regulations and more. Visit https://digital.privsec.info/.
We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.
Privacy Culture: Data Privacy and Information Security Consulting, Culture & Behaviour, Training, and GDPR maturity, covered. https://www.privacyculture.com/