in Aerospace / Security

EasyJet target of major cyber attack

Posted 19 May 2020 · Add Comment

Earlier today, Luton Airport based airline easyJet was the target of a highly sophisticated cyber attack, with the personal data of nine million of its customers being compromised.

Image copyright Shutterstock

Following discussions with the Information Commissioner's Office (ICO), the Board of easyJet announced that it had been the target of a cyber attack from a highly sophisticated source.

Once aware of the attack, easyJet  took immediate steps to respond to and manage the incident and engaged leading forensic experts to investigate the issue. It also notified the National Cyber Security Centre (NCSC) and the ICO, whilst closing off the unauthorised access.

The easyJet  investigation found that the email address and travel details of approximately nine million customers were accessed. These affected customers will be contacted in the next few days.

Forensic investigation found that, for a very small subset of customers (2,208), credit card details were accessed. Action has already been taken to contact all of these customers and they have been offered support.

Johan Lundgren, CEO, easyJet, said: "We take the cyber security of our systems very seriously and have robust security measures in place to protect our customers' personal information. However, this is an evolving threat as cyber attackers get ever more sophisticated.

"Since we became aware of the incident, it has become clear that owing to COVID-19 there is heightened concern about personal data being used for online scams.  As a result, and on the recommendation of the ICO, we are contacting those customers whose travel information was accessed and we are advising them to be extra vigilant, particularly if they receive unsolicited communications.

"Every business must continue to stay agile to stay ahead of the threat. We will continue to invest in protecting our customers, our systems, and our data.

"We would like to apologise to those customers who have been affected by this incident."

Although there is no evidence that any personal information of any nature has been misused, on the recommendation of the ICO, easyJet are communicating with the approximately nine million customers whose travel details were accessed to advise them of protective steps to minimise any risk of potential phishing.

Boris Cipot, senior security engineer at Synopsys, said "While EasyJet has reported that there’s no evidence that the accessed data has been misused, no one can be certain that the data won’t be misused in the future. EasyJet has notified all affected customers about the breach and I would urge these customers to call their bank and credit card companies to find out what the next steps are to ensure their accounts are secure. This may require the cancellation and replacement of affected cards. Affected account passwords should also be changed immediately.

"Changing passwords every now and then serves as a good precautionary habit to have. It is also important to understand that using the same password across several accounts is not a safe practice. Make sure to use a different password for each site and/or account you have.

"As there are many services that use your name, address and a credit card number as proof of identification, be on the lookout for attempts at identity theft. Talk to your bank/credit card company to see if they can give you a list of all the occasions when attempts were made to use your credit card."

Brian Higgins, security specialist, said: "Attacks like this have enormous, knock-on effects for the victims.  Once the attack is made public, criminal organisations will immediately seek to take full advantage of the fear and uncertainty the 9 million customers of EasyJet are currently feeling and begin campaigns to exploit them. They will email, call on the telephone and make contact via social media channels. In fact they will use any and all methods to make contact, pretend to be EasyJet and use that fear and uncertainty to make people reveal more of their personal information, login credentials and bank details in order to commit more crime.

Any and all unsolicited contact from EasyJet should be ignored, however difficult that may be. You should also check their official website or contact the Office of the Information Commissioner for advice. Never engage with any other offers of help. They will almost certainly cause you more harm.

A company the size of EasyJet should have a comprehensive incident response plan to deal with this attack. The coming days will show us if that is the case, although how they can assure their customers that ‘there is no evidence that any personal information of any nature has been misused’ shows a worrying naivety.

This is the golden hour for cybercriminals. EasyJet customers have one line of defence right now. Ignore them."

EasyJet is in the process of contacting the relevant customers directly and affected customers will be notified no later than 26th of May.

Customers can also find further advice at



* required field

Post a comment

Other Stories
Latest News

Future Combat Air continues to drive economic advance across the UK

Seven companies representing the breadth of innovation across the UK have signed agreements to progress opportunities to work on future combat air concepts and underpinning technologies across Team Tempest.

BAE Systems and WAE partner on fast jet development

BAE Systems and Williams Advanced Engineering (WAE) have joined forces to explore how battery management and cooling technologies from the motorsport industry could be exploited to deliver efficiency and performance gains in the

CFMS study bolsters business case for regional electric aircraft

A new study from the Centre for Modelling & Simulation (CFMS), a not-for-profit specialist in digital engineering, has helped the aerospace industry move a step closer to the development of regional electric aircraft.

Nasmyth TMF awarded Nadcap Chemical Processing Merit Status

Nasmyth TMF is pleased to announce that it has been awarded Merit Status for Nadcap Chemical Processing.

UK space launch sector builds foundation for collaborative future

Industry leaders are urging the UK government to establish world-class rules to enable safe, environmentally conscious and commercially viable space launches from British soil.

Shell Aviation launches automated end-to-end touchless refuelling process

Shell Aviation has introduced end-to-end digital integration with airline customers through Shell SkyPad, its tablet that connects pilots and apron operators with cloud-based computer systems.

ODU 0201311219
See us at
DVD 2020