UK budget airline easyJet has recently disclosed a massive data breach affecting nine million of its customers and involving over 2,000 credit-card details.
The company said it has been the target of a “highly sophisticated” attacker, which gained access to nine million customers’ email addresses and travel details. The company said 2,208 credit-card details were accessed by hackers, noting it had “closed off this unauthorized access”.
The customers who got affected will be contacted by the carrier no later than May 26, easyJet said in a statement. The company has not disclosed when the breach occurred or how it happened, but it has notified the UK’s Information Commissioner’s Office and National Cyber Security Centre (NCSC) as well as hired a digital forensics expert to investigate the breach.
The airline warned customers to be on the alert for unsolicited communications, though it said it had no evidence that any personal information had been misused. The company further added that it had gone public now in order to warn the nine million customers whose email addresses had been stolen to be wary of phishing attacks.
“We take the cybersecurity of our systems very seriously and have robust security measures in place to protect our customers’ personal information. However, this is an evolving threat as cyberattackers get ever more sophisticated,” said easyJet CEO Johan Lundgren.
“Since we became aware of the incident, it has become clear that owing to COVID-19 there is heightened concern about personal data being used for online scams.
According to the company’s internal investigation report, the attackers would not have obtained the personal information of EasyJet travelers, but they have been able to achieve very revealing details.
Here is the list of data the attackers have stolen:-
Details of the passengers’ trip made with EasyJet
Credit card details
Stolen credit card data included the three digital security code – known as the CVV number – on the back of the card itself.
Moreover, it is still unknown that how long the attackers had access to EasyJet’s internal network; only the company received notice in January. But, the company has promised that it takes security concerns “extremely seriously” and will continue to invest in improving its environment.
(Image Courtesy: www.media.consumeraffairs.com)