Posted on May 20, 2020 at 7:23 PM
Airline carrier EasyJet reported that 9 million customers of the airline firm are victims of a recent cyberattack. It said travel details and email addresses had been stolen, and over 2,000 customers had details of their credit cards accessed.
The company had informed the Information Commission’s Office (ICO) in the UK while an investigation into the breach has begun.
The attack became known to EasyJet in January
According to a report the firm made to the BBC, EasyJet informed customers whose credit card details have been exposed in April.
The firm said the attack was a very sophisticated one, and it took EasyJet a long time to find out the level of the attack.
“This was a highly sophisticated attacker. It took time to understand the scope of the attack and to identify who had been impacted,” EasyJet said.
Affected customers have been informed about the breach
According to EasyJet, the attackers stole three digital security codes, which is the CVV number at the back of the credit card.
Furthermore, EasyJet said it had warned the 9 million affected customers who may be exposed to future phishing attacks. However, not everyone had been notified. But the airline firm promised to inform everyone affected before May 26.
The company also warned customers to be vigilant about any information purportedly coming from EasyJet which could potentially expose them from further phishing attacks.
Details about the motive or even the nature of the attacks were not provided, but EasyJet said during its investigation, the hackers did not target information for identity theft, but rather decided to target “company intellectual property.
ICO currently investigating the situation
The ICO said it is investigating the situation and further information about the hack would be available very soon. According to the ICO, people are expecting that organizations they registered with should handle their information securely.
However, sometimes this doesn’t happen, which would require an investigation. It said the investigation into the hacking incident is ongoing, to get every necessary detail about the breach.
ICO also asked people to be very wary of phishing attacks and asked them to read through its website for advice on managing their details and protecting them from phishing attacks.
Number of phishing attacks on the rise
The activities of criminals who send emails with links to fake websites have been increasing daily during this COVID-19 crisis. Google has played its part to reduce this number by blocking more than 100 million phishing emails daily. But more cybercriminals are still taking advantage of the cancellation of flights due to the COVID-19 situation.
According to a digital privacy expert at ProPrivacy, Ray Walsh, people who have bought an EasyJet flight should be cautious about opening unsolicited emails in their mailbox. That’s because these hackers can use stolen data during this period to launch a phishing attack in the future, he said.
Customers need to be very careful whenever they receive emails that seem to be coming from EasyJet, as these emails could be fake and designed to steal their important information through a cloned website.
According to Walsh, these criminals have become experts at cloning websites to make it very difficult even for a tech-savvy person to notice any foul play. So, the best thing is to avoid opening any unsolicited email or emails that claim they are from EasyJet.
Trying times for the airline industry
According to the chief executive of Redscan, Mike Fenton, so many airlines are now facing financial crises due to the complete ban on air travel by many governments in the world. As a measure to curtail the spread of the pandemic, many airlines are facing the toughest of times, but the situation is worse for EasyJet, he said.
While the company is still battling with stalled revenue, a new problem has surfaced. It now had to explain to 9 million customers how their data was exposed by cybercriminals.
The airline industry has always been exposed to a cyberthreat, as there are several records of a data breach within the industry. In 2018, British Airways suffered a heavy data breach where millions of customer data were exposed.
As a result of these cyberattacks on airlines, the confidence level the passengers in the industry may have dropped to an all-time low after this.