Cyber-attack
The airline states that they have become the victim of a cyber-attack. They have reported that they were “the target of an attack from a highly sophisticated source”. Research shows that the hackers gained access to the email addresses and travel data of nine million customers. The attackers also obtained the credit card details of 2,208 customers. The company states that customers’ credit card details have not been accessed. EasyJet states that they “took immediate steps to respond to and manage the incident and engaged leading forensic experts to investigate the issue,” as soon as they found out about it. The criminals no longer have access to the data. There are many questions that can’t be answered by easyJet yet. It is not yet clear when exactly the attack happened or who is responsible for the hack. It is also not clear who’s data was obtained. The customers who’s credit card details were accessed have been contacted by easyJet already, and the other customers who’s data was obtained will hear from the company in the next few days.
“Be Alert”
EasyJet does warn people that they need to watch out for identity theft. “We are advising customers to continue to be alert as they would normally be, especially should they receive any unsolicited communications. We also advise customers to be cautious of any communications purporting to come from easyJet or easyJet Holidays,” says the airline. Now that the criminals have gotten their hands on all this information they could use it for phishing purposes. This means that they will try to obtain more personal information from the victims. This mostly happens through email, social media, or WhatsApp. They will pretend to be a friend who is in financial trouble, or another source that you would trust. In this case they could pretend to be messaging you from easyJet. They will then ask you to transfer money to them. But of course, that money is going into the pockets of the criminals.
Notice of Incident
EasyJet writes in the statement that they have engaged leading forensic experts to investigate the issue. They want to find out how the hackers managed to gain access to the company’s data. The airline has also notified the British government, authorities in the field of cybersecurity, and the Information Commissioner’s Office (ICO). Customers who’s data was accessed will be notified on May 26 at the latest.