The backgroundOn Tuesday 19th of May, the company announced that email addresses and travel details were accessed by an unwarranted source. Out of the 9m customers affected, 2,208 had credit card details stolen, easyJet told the stock market. However, no passport details were uncovered. EasyJet were hesitant to give details of how the breach occurred but said it had “closed off the unauthorised access” and reported the incident to the National Cyber Security Centre and the Information Commissioner’s Office (ICO), the data regulator. Those customers whose credit card details were taken have been contacted, while everyone else affected to be contacted by 26 May. “However this breach has been manufactured, it’s clear that the aviation industry is experiencing something of a perfect storm as operators’ resources are stretched, even prior to Covid-19, and cyber groups have become increasingly active in recent weeks,” comments Andy Barratt, UK managing director at global cybersecurity consultancy Coalfire, “Airlines, and the wider travel sector, are consistently targeted by cybercriminals due to a large amount of digital transactions, credit and information sharing needed to ensure the industry operates smoothly. Notably, the direct-to-consumer booking models used by budget operators circumvent some of this but mean that there is little room for them to outsource risk when it comes to cybersecurity, as EasyJet will no doubt now be aware,” he continues.
Share this story