EasyJet reports that hackers have stolen millions of customer information and thousands of credit card numbers from the budget airline.
The airline says that a “sophisticated source” had accessed the personal information including email addresses and travel details of 9 million customers. This breach also included the theft of credit card details from 2,208 customers.
It has not been disclosed when the data breach occurred. The airline is reaching out to those customers that are affected. EasyJet is working with the UK Information Commission Office (ICO) and the National Cyber Security Centre.
What EasyJet Is Saying
In an apology to customers, EasyJet CEO, Johan Lundgren said:
“Since we became aware of the incident, it has become clear that owing to Covid-19 there is heightened concern about personal data being used for online scams,” Lundgren said. “As a result, and on the recommendation of the ICO, we are contacting those customers whose travel information was accessed and we are advising them to be extra vigilant, particularly if they receive unsolicited communications.”
What The UK Information Commission Office Is Saying
“People have the right to expect that organizations will handle their personal information securely and responsibly. When that doesn’t happen, we will investigate and take robust action where necessary.”
“Anyone affected by data breaches needs to be particularly vigilant to possible phishing attacks, and scam messages. We have published advice on our website about how to spot potential phishing emails,”
EasyJet Remains On The Ground
The entire 334 aircraft fleet in Europe has been grounded since March. The only exceptions had been repatriate rescue flights to return UK citizens back home. The airline has no known date when service will return, however bookings can be made for flights from May 29, 2020. EasyJet is cancelling flights on a rolling seven-day basis.
Data hackers never seem to take a break and they will take advantage of any situation where people may let their guard down. They will use a situation like the current pandemic to take advantage of people when they are most vulnerable. Sending credit card information by email can create security risks. I never store any credit cards on vendor websites because my security would be no better than the worst data security of any vendor.