EasyJet Admits Hack From ‘Highly Sophisticated Source’

EasyJet has warned customers to be alert should they receive any unsolicited communications, after the airline admitted it was the target of an attack “from a highly sophisticated source.”

The budget airline admitted that email addresses and travel details of 9 million people were accessed. Thankfully this did not include passport data, but 2,208 people did have their credit card details stolen.

The airline made the admission in a statement to the stock market. Customers whose credit card details was compromised have already been contacted, while everyone else affected will be contacted in the “next few days” (latest by 26 May).

EasyJet hack

EasyJet said it has notified both the Information Commissioner’s Office (ICO) and GCHQ’s the National Cyber Security Centre (NCSC).

“…the Board of easyJet announces that it has been the target of an attack from a highly sophisticated source,” the airline said in its statement. “As soon as we became aware of the attack, we took immediate steps to respond to and manage the incident and engaged leading forensic experts to investigate the issue.”

EasyJet did not give details of how the actually breach occurred, but said “we have closed off this unauthorised access.”

“Our investigation found that the email address and travel details of approximately 9 million customers were accessed it said. “These affected customers will be contacted in the next few days. If you are not contacted then your information has not been accessed.”

“Our forensic investigation found that, for a very small subset of customers (2,208), credit card details were accessed,” said the airline. “Action has already been taken to contact all of these customers and they have been offered support.”

“We take issues of security extremely seriously and continue to invest to further enhance our security environment,” it added. “There is no evidence that any personal information of any nature has been misused, however, on the recommendation of the ICO, we are communicating with the approximately 9 million customers whose travel details were accessed to advise them of protective steps to minimise any risk of potential phishing.”

“We are advising customers to continue to be alert as they would normally be, especially should they receive any unsolicited communications,” it said. “We also advise customers to be cautious of any communications purporting to come from easyJet or easyJet Holidays.”

“We’re sorry that this has happened, and we would like to reassure customers that we take the safety and security of their information very seriously,” it concluded.

Double whammy

News of the hack could not have come at a worse time for the airline, which is already contending with the financial fallout caused by the global Coronavirus pandemic and the resulting suspension of almost all air travel.

And the financial implications could be especially severe, as the breach is one of the largest to affect any British company.

For example, it should be remembered that British Airways in July 2019 was fined £183m after hackers stole the personal information of just half a million customers.

On 6 September 2018 BA said it had discovered a hack of its systems that had resulted in customers’ data being harvested by attackers as it was entered.

The hack, which began in June 2018, was in effect during the busy summer holiday period.

The hotels group Marriott was also fined £99.2m in July 2019 for a breach that exposed the data of 339 million customers worldwide.

Do you know all about security? Try our quiz!

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

AWS re:Invent Conference Welcomes Back Crowds

Over 27,000 attendees and members of the press (including Silicon) attend Amazon Web Services worldwide…

7 hours ago

Head Of Car Giant Stellantis Issues Electric Vehicle Cost Warning

The car manufacturing industry cannot sustain the costs from government demands to shift to electric…

8 hours ago

SpaceX’s Elon Musk Warns Of Bankruptcy Risk Over Engine Issue

SpaceX CEO Elon Musk warns of “disaster” concerning production of Starship Raptor engine that puts…

10 hours ago

Twitter To Remove Photos Tweeted Without Permission

Privacy overstep? Personal photos and videos of private individuals tweeted without the consent of the…

11 hours ago

Facebook Cryptocurrency Executive David Marcus To Leave

Executive in charge of Meta's cryptocurrency efforts, confirms he is leaving after seven years at…

13 hours ago

NY AG Seeks Overseer For Amazon Worker Safety

New York's attorney general asks US judge to appoint someone who will oversee worker safety…

14 hours ago