EasyJet: Failure to defend itself from a Cyberattack

Another one bites the dust. After the cyberattack on Delta Air, Cathay Pacific, another airline has come under the attack of hackers. EasyJet announced on Tuesday, that it has become the target of a “highly sophisticated” cyberattack that exposed the email addresses and personal travel plans of about nine million customers and that some had their credit card details stolen.

Considering the size of the attack and the potential risk to 9 million people, it can be considered as one of the biggest attacks in recent times. The airline said in a statement that as soon as it became aware of the attack, it took immediate steps to manage and investigate it, and closed off the breach. However, the hacker was able to penetrate their system effectively.

Upon investigation, the company found out that the credit card details of 2,208 customers were breached. Easy Jet will be contacting their vulnerable and exposed customers whose personal information is at risk by May 26.

Although the company also confirmed that none of the passport information was affected, it stated:

“We take the cybersecurity of our systems very seriously and have robust security measures in place to protect our customers’ personal information,” Easy Jet’s chief executive officer, Johan Lundgren, said. “However, this is an evolving threat as cyber attackers get ever more sophisticated.”

Since the spread of the coronavirus, there has been heightened concern that stolen personal data could be used for online scams, Mr Lundgren said. The airline advised customers “to be extra vigilant, particularly if they receive unsolicited communications.”

The airline said it has gotten in touch with the National Cyber Security Centre. This is a British government organization that helps companies avoid computer security threats. They are also working with the Information Commissioner’s Office (ICO), for reviewing the data breach.

Are you next in the headlines? Find out if your company is doing well enough in the privacy spheres with this comprehensive GDPR Audit