
The background
On Tuesday 19th of May, the company announced that email addresses and travel details were accessed by an unwarranted source. Out of the 9m customers affected, 2,208 had credit card details stolen, easyJet told the stock market. However, no passport details were uncovered. EasyJet were hesitant to give details of how the breach occurred but said it had “closed off the unauthorised access” and reported the incident to the National Cyber Security Centre and the Information Commissioner’s Office (ICO), the data regulator. Those customers whose credit card details were taken have been contacted, while everyone else affected is to be contacted by 26 May.
“However this breach has been manufactured, it’s clear that the aviation industry is experiencing something of a perfect storm as operators’ resources are stretched, even prior to Covid-19, and cyber groups have become increasingly active in recent weeks,” comments Andy Barratt, UK managing director at global cybersecurity consultancy Coalfire. “Airlines, and the wider travel sector, are consistently targeted by cybercriminals due to a large amount of digital transactions, credit and information sharing needed to ensure the industry operates smoothly. Notably, the direct-to-consumer booking models used by budget operators circumvent some of this but mean that there is little room for them to outsource risk when it comes to cybersecurity, as EasyJet will no doubt now be aware,” he continues.
Scared of a cyber attack?
EasyJet was not the first major airline to face a catastrophic cybercrime. In 2018, almost 400,000 British Airways customers had their personal details and bank cards stolen in one of the most severe cyber-attacks in UK history. And it was a fate that could have allegedly been avoided. Poor IT infrastructure on the airline’s website was supposedly the reason for the hacker group’s easy access to customer information, the main failing being a vulnerability in third-party JavaScript used on the website. This may have just been a slip-up on the BA tech team’s part, but the company did not just receive a slap on the wrist for poor practice: the airline was forced to pay a staggering £183m penalty by the ICO.