EasyJet: Cyberattack and Data Breach
The tourism sector is a prime target for cybercriminals. Following a series of data breaches at airlines (British Airways in 2018 and Airbus in early 2019), EasyJet has not been spared.
The alert was issued on May 19. The low-cost airline, which fell victim to a “highly sophisticated” cyberattack, is warning its customers about the risks associated with phishing.
EasyJet stated that it was “aware of potentially unusual activity in late January 2020.” It immediately launched “an investigation with the support of forensic experts.” Ultimately, the investigation led directly to this cyberattack against EasyJet.
In fact, the booking data of approximately 9 million customers was accessed. According to the investigation conducted in close collaboration with the UK’s National Cyber Security Centre, the credit card data of 2,208 customers was also accessed.
However, there is no evidence that this information was used or disclosed.
According to a statement posted on the company’s website, the attack has now been contained and the security of its information systems has been strengthened.
Phishing, password theft… What risks do customers face?
A great deal of data stolen by cybercriminals is highly sought after on the Dark Web.
For example, reservation details include:
- the name;
- email address;
- the departure airport;
- the destination;
- the departure date.
This information is extremely valuable to hackers specializing in phishing, who are ready to exploit it to carry out their malicious activities.
Since April, the company has been warning its customers about the“increased risk of phishing emails.” In fact, many airlines are highly vulnerable to cyberattacks via email. (source: L’Echo Touristique).
EasyJet has also contacted the ICO (Information Commissioner’s Office), the UK’s data protection authority, to inform them of the incident. The ICO is authorized to impose fines for violations of the GDPR, as was the case with Marriott Hotels in 2018.
Finally, EasyJet also recommends exercising caution when it comes topasswords. In the event of a cyberattack, it is strongly advised to reset passwords to prevent hackers from stealing them and gaining unauthorized access to users’ identities and accounts.
