EasyJet says hackers accessed 2,208 payment cards in a “sophisticated attack.”
The United Kingdom-based low-cost airline EasyJet has acknowledged that it was hacked in “an attack from a highly sophisticated source” affecting over 9 million customers.
According to the “Notice of cyber security incident” issued by EasyJet, it was revealed that the hackers managed to access 2,208 payment cards along with travel details and email addresses of impacted customers.
“Our forensic investigation found that, for a very small subset of customers (2,208), credit card details were accessed,” EasyJet said in the notice “Action has already been taken to contact all of these customers and they have been offered support.”
Currently, investigations are in progress but the airline maintains there is no evidence that “any personal information of any nature has been misused.”
If you are among impacted customers EasyJet will contact you. However, this is an ideal situation for hackers who might use the opportunity to conduct phishing scams using the stolen email address and pretend to be representatives from the airline.
Therefore, both EasyJet or EasyJet Holidays customers should watch out for malicious emails, verify that the email has come from official sources, do not click on any link given in the email, and refrain from putting your personal data in response to the email. Such emails can ask for full name, payment card details, PIN code, passwords, physical address, phone numbers, driver license, passport, or national insurance numbers.
As for the breach, in a statement, EasyJet’s Chief Executive Officer Johan Lundgren said that,
“Since we became aware of the incident, it has become clear that owing to COVID-19 there is heightened concern about personal data being used for online scams. “Every business must continue to stay agile to stay ahead of the threat. We will continue to invest in protecting our customers, our systems, and our data. “We would like to apologize to those customers who have been affected by this incident.”
At the time of publishing this article; the origin or who was being the attack were unknown since the airline has shared limited information. Nevertheless, EasyJet is the second airline to be listed among victims of a data breach in recent years. In September 2018, British Airways suffered a cyber attack in which private and financial data of 380,000 customers were stolen.
This is a developing story, stay tuned.