in Aerospace / Security

EasyJet target of major cyber attack

Posted 19 May 2020 · Add Comment

Earlier today, Luton Airport based airline easyJet was the target of a highly sophisticated cyber attack, with the personal data of nine million of its customers being compromised.



Image copyright Shutterstock


Following discussions with the Information Commissioner's Office (ICO), the Board of easyJet announced that it had been the target of a cyber attack from a highly sophisticated source.

Once aware of the attack, easyJet  took immediate steps to respond to and manage the incident and engaged leading forensic experts to investigate the issue. It also notified the National Cyber Security Centre (NCSC) and the ICO, whilst closing off the unauthorised access.

The easyJet  investigation found that the email address and travel details of approximately nine million customers were accessed. These affected customers will be contacted in the next few days.

Forensic investigation found that, for a very small subset of customers (2,208), credit card details were accessed. Action has already been taken to contact all of these customers and they have been offered support.

Johan Lundgren, CEO, easyJet, said: "We take the cyber security of our systems very seriously and have robust security measures in place to protect our customers' personal information. However, this is an evolving threat as cyber attackers get ever more sophisticated.

"Since we became aware of the incident, it has become clear that owing to COVID-19 there is heightened concern about personal data being used for online scams.  As a result, and on the recommendation of the ICO, we are contacting those customers whose travel information was accessed and we are advising them to be extra vigilant, particularly if they receive unsolicited communications.

"Every business must continue to stay agile to stay ahead of the threat. We will continue to invest in protecting our customers, our systems, and our data.

"We would like to apologise to those customers who have been affected by this incident."

Although there is no evidence that any personal information of any nature has been misused, on the recommendation of the ICO, easyJet are communicating with the approximately nine million customers whose travel details were accessed to advise them of protective steps to minimise any risk of potential phishing.

Boris Cipot, senior security engineer at Synopsys, said "While EasyJet has reported that there’s no evidence that the accessed data has been misused, no one can be certain that the data won’t be misused in the future. EasyJet has notified all affected customers about the breach and I would urge these customers to call their bank and credit card companies to find out what the next steps are to ensure their accounts are secure. This may require the cancellation and replacement of affected cards. Affected account passwords should also be changed immediately.

"Changing passwords every now and then serves as a good precautionary habit to have. It is also important to understand that using the same password across several accounts is not a safe practice. Make sure to use a different password for each site and/or account you have.

"As there are many services that use your name, address and a credit card number as proof of identification, be on the lookout for attempts at identity theft. Talk to your bank/credit card company to see if they can give you a list of all the occasions when attempts were made to use your credit card."

Brian Higgins, security specialist, Comparitech.com said: "Attacks like this have enormous, knock-on effects for the victims.  Once the attack is made public, criminal organisations will immediately seek to take full advantage of the fear and uncertainty the 9 million customers of EasyJet are currently feeling and begin campaigns to exploit them. They will email, call on the telephone and make contact via social media channels. In fact they will use any and all methods to make contact, pretend to be EasyJet and use that fear and uncertainty to make people reveal more of their personal information, login credentials and bank details in order to commit more crime.

Any and all unsolicited contact from EasyJet should be ignored, however difficult that may be. You should also check their official website or contact the Office of the Information Commissioner for advice. Never engage with any other offers of help. They will almost certainly cause you more harm.

A company the size of EasyJet should have a comprehensive incident response plan to deal with this attack. The coming days will show us if that is the case, although how they can assure their customers that ‘there is no evidence that any personal information of any nature has been misused’ shows a worrying naivety.

This is the golden hour for cybercriminals. EasyJet customers have one line of defence right now. Ignore them."

EasyJet is in the process of contacting the relevant customers directly and affected customers will be notified no later than 26th of May.

Customers can also find further advice at www.actionfraud.police.co.uk

 

 

Other Stories
Advertisement
Latest News

Satellite data learning tool brings EO to the next generation

A new UK Space Agency-backed online tool for learning satellite Earth Observation (EO) is now available for trial by higher education institutions.

Operational benefits of freeports in England

The establishment of new freeports in England - expected to be operational by the end of 2021 - offer the prospect of a range of unique business benefits, according to law firm DLA Piper.

Air Charter Scotland unveils second Biggin Hill based Citation M2

Air Charter Scotland has introduced a second Cessna Citation 525 M2, from its newest London Biggin Hill Airport base, coinciding with the first lifting of travel restrictions from 17th May.

Heathrow calls for significant expansion of 'green' list countries

As it reported today that it had lost 6.2 million passengers in April, down 92.1%, compared to pre-pandemic 2019 figures - following over a year of restrictions on non-essential travel - Heathrow called for significant expansion of

Guidance issued to prevent use of vehicles as weapons in terror attacks

New guidance designed to prevent commercial vehicles, including vans, lorries, buses, coaches and even cranes, from being used as weapons in acts of terrorism, was published yesterday.

Cobham Mission Systems wins $7.1m NAVSUP UWARS contract

Cobham Mission Systems announced today that it has been awarded a new $7.1 million prime contract from the US Naval Supply Systems Command Weapon Systems Support (NAVSUP) for production and delivery of Universal Water Activated

Vulcan SK1802180521
See us at
Space Comm Expo BTRAF Museum BTDSEI bt1602170921