EasyJet, a European aviation giant, has announced that it has experienced an extremely sophisticated cyberattack affecting over 9 million of its customers.
A total of 2,208 customers have also had their credit card details ‘accessed’, and email addresses and travel details have been stolen.
The airline said in a statement: “As soon as we became aware of the attack, we took immediate steps to respond to and manage the incident and engaged leading forensic experts to investigate the issue. We also notified the National Cyber Security Centre and the ICO.
“Our forensic investigation found that, for a very small subset of customers (2,208), credit card details were accessed. Action has already been taken to contact all of these customers and they have been offered support.
“There is no evidence that any personal information of any nature has been misused, however, on the recommendation of the ICO, we are communicating with the approximately 9 million customers whose travel details were accessed to advise them of protective steps to minimise any risk of potential phishing.”
Cath Goulding, CISO, Nominet, described the incident as a ‘significant breach’. She said: “Email addresses and travel details of 9 million EasyJet customers, along with the credit card details of more than 2,200, is a significant breach. While EasyJet has stated that there is no evidence that information has been misused yet, given the breadth of data that airlines hold, follow-up phishing attacks could be damaging. This is not to mention the fact that the data flowing between airline and customer is often to prove identity and is consequentially especially valuable.
“The airline industry is undoubtedly facing one of its most testing times. As we start to look towards a life post-lockdown, however, it will continue to be vital to the world economy. Ensuring that standards don’t slip, that security precautions are taken and that we follow best practices will be vital to maintaining integrity and trust by customers in this new world.”