EasyJet data breach affects 9 million customers
Another airline made headlines this week, however this time the story wasn’t related to the COVID-19 pandemic. EasyJet, one of the U.K.’s largest airlines admitted this week that they were subject of a cyber-attack from a highly sophisticated source
EasyJet explained that they initially became aware of this attack in late January and have since carried out a thorough forensic investigation to fully understand the scope of this breach. From their investigations, EasyJet has established that the names, email addresses and travel details of approximately 9 million customers were accessed, as well as the credit card details of 2,208 customers.
In April, EasyJet notified a small group of customers whose credit card details had been impacted since then they reported the breach to the Information Commissioner Officer (ICO) the UK’s data regulator. Based on guidance from the ICO, EasyJet is currently in the process of contacting all remaining customers affected and hope to have notified all affected customers no later than 26 May.
What do we know about the attack?
Unfortunately, we don’t know a great deal about the attack and how the EasyJet systems were compromised as they have provided very little in terms of details about the attack. However, they did say their investigation has suggested the hackers were targeting company intellectual property as opposed to customer information.
Regarding the attack itself, EasyJet has said it was carried out by a highly sophisticated attacker and took quite some time for digital forensic experts to fully understand the scope of the attack.
What should you do?
If you have ever used EasyJet for either personal or business travel then I can imagine this news is a little unnerving. It is always best practice to change passwords regularly and never use the same password for multiple sites. If you have an EasyJet account we recommend you change the password you use on the account. If you use this password elsewhere you should also change it there and don’t reuse the same password.
A major concern we have for the affected customers is that they now could become victims of Phishing scams. With the access of up to 9 million email addresses, hackers have a large database and will be able to send emails pretending to be from EasyJet. We have seen a marked increase in Phishing attacks since the outbreak of COVID-19 and we recommend everyone staying vigilant to emails, not just EasyJet customers.
There is no time like the present to check if your personal or professional email accounts have appeared in any other public data breaches. A good resource for checking your email address against breaches is https://haveibeenpwned.com. By browsing to that website and entering your email address you will find out if your email address has been breached, what breach it happened in and what data was lost.
How can we help?
Secora Consulting offers a wide range of services which are tailored to your requirements. We can help you prepare for the worst-case scenario by simulating threats your organisation is likely to encounter via each of our service lines. We can help improve your cybersecurity posture increasing your resilience to breach. For instance, we offer simulated phishing campaigns to highlight cybersecurity awareness within your organisation and demonstrate how a breach may occur.
Should you ever be on the unfortunate end of a cyber attack our in-depth knowledge and Incident Response service will have your organisation ransomware free and up and running again in no time.
Partner with us today and our experienced consultants will go the extra mile to ensure your organisation stays secure during these uncertain times.
- Validate security controls implemented
- Receive a prioritised list of your risks based on their exploitability and impact
- Receive expert and effect advice to immediately improve your cybersecurity posture
- Understand how uncovered issues will affect your organisation and operations
- Recover from cyber attacks
Secora Consulting was set up to assist organisations with their cybersecurity requirements. We understand the challenges many companies are currently facing. Our goal is to improve your cybersecurity operations, providing peace of mind in this ever-evolving threat landscape.
If you have any questions or are unsure if the steps you are taking to help keep your organisation secure are working, please reach out to us. Our team is available at firstname.lastname@example.org or over the phone on 00353 (0) 1 517 6200.
All of Secora Consulting's assessments are tailored to our client's needs.
Using our experience, we can help you determine which services are right for you.
We have arranged our services into four groups based on the objective of the tests.