As with millions of families across the UK, EasyJet has been my family’s main cheap flight squeeze for about six years now. It’s taken us to Budapest, Portugal, Denmark and many, many more. I guess, we never considered the state of their cybersecurity. Oops.
Yesterday, EasyJet brought to light the fact that 9 million customers have been affected by a “highly sophisticated cyber-attack”. Email addresses and travel details have been stolen and about 2208 customers have had their credit cards “accessed”.
This isn’t the first time they’ve heard about it either. EJ first became aware of the attack in January. Apparently, they weren’t able to contact affected customers until April. EJ said that they would notify everyone affected by 26 May. Not much was said about the nature of the breach but apparently the hackers were after more “company intellectual property” than after information to carry out identity theft.
“We are advising customers to be cautious of any communications purporting to come from EasyJet or EasyJet Holidays.” Generally, when people give their personal, sensitive data to a company, it is expected that the company treat that data with respect and take responsibility for it. Unfortunately, this is not usually the case.
COVID has kind of put a damper on people travelling in general, let alone to a different continent. This has left many airlines struggling so this situation just went from bad to worse.
After the breach of British Airways, in September of 2018, you would’ve thought that airlines learnt a lesson; spend money protecting the data of your customers because, if it gets leaked, your reputation is down the drain. They got charged 183 million pounds (that’s enough to buy 31,606,217 Chicken Legends with Hot and Spicy Mayo from McDonalds!!).
Those whose cards have been compromised have been alerted and their cards should have been stopped by their bank provider. New cards will be issued to those affected and the bank provider will need to sift through any regular payments made through the accounts. Following a similar data breach at British Airways in 2018, many found this a time-consuming task.
For those unaffected by the whole endeavour, please make sure to report any emails that you think may be phishing for your information and stay safe out there.
If you have any questions about this article, please contact the Samurai team here.