On Tuesday, budget airline EasyJet revealed they experienced a cyber-attack that exposed 9m customer details.
Airline brand Easyjet should have been gearing up for the busy summer season ahead. Last year alone, the company flew 96.1m passengers across the globe, keeping to their ethos of finding new and affordable ways to travel.
However, the ongoing coronavirus pandemic (that has forced the company to cancel a multitude of flights) has this week revealed an unfortunate cyberattack which exposed the details of 9m of their customers. Following this event, it’s likely that the cheap and cheerful airline will have a difficult year ahead.
The background
On Tuesday 19th of May, the company announced that email addresses and travel details were accessed by an unwarranted source. Out of the 9m customers affected, 2,208 had credit card details stolen, easyJet told the stock market. However, no passport details were uncovered.
EasyJet were hesitant to give details of how the breach occurred but said it had “closed off the unauthorised access” and reported the incident to the National Cyber Security Centre and the Information Commissioner’s Office (ICO), the data regulator.
Those customers whose credit card details were taken have been contacted, while everyone else affected to be contacted by 26 May.
“However this breach has been manufactured, it’s clear that the aviation industry is experiencing something of a perfect storm as operators’ resources are stretched, even prior to Covid-19, and cyber groups have become increasingly active in recent weeks,” comments Andy Barratt, UK managing director at global cybersecurity consultancy Coalfire,
“Airlines, and the wider travel sector, are consistently targeted by cybercriminals due to a large amount of digital transactions, credit and information sharing needed to ensure the industry operates smoothly.
Notably, the direct-to-consumer booking models used by budget operators circumvent some of this but mean that there is little room for them to outsource risk when it comes to cybersecurity, as EasyJet will no doubt now be aware,” he continues.
Scared of a cyber attack?
EasyJet was not the first major airline to face a catastrophic cybercrime. In 2018, almost 400,000 British Airways customers had their personal details and bank cards stolen in one of the most severe cyber-attacks in UK history. And it was a fate that could have allegedly been avoided.
Poor IT infrastructure on the airline’s website was supposedly the reason for the hacker groups easy access to customer information. The main failing being vulnerability in third-party Javascript used on the website.
This may have just been a slip-up on the BA tech teams’ part, but the company did not just receive a slap on the wrist for poor practice, the airline was forced to pay a staggering £183m penalty by the ICO.
As business and office activities move towards a more tech-dominated way of working, it is crucial that employers are versed in cybersecurity best practise.
Real Business reached out to managing security consultant Colin Robbins at UK based cybersecurity company Nexor to provide some key tips;
Share this story
