EasyJet hacked: data breach affects 9 million customers

Posted by & filed under Security Alerts.

EasyJet, the UK’s largest airline, has disclosed that they were hacked and that the email addresses and travel information for 9 million customers were exposed. For some of these customers, credit card details were also accessed by the attackers.

In a data breach notification disclosed today, EasyJet states that they have suffered a cyberattack, and an unauthorized third-party was able to gain access to their systems.

During this attack, the threat actors were able to access the email addresses and travel information for nine million customers. For approximately 2,208 customers, credit card details were also exposed.

“Our investigation found that the email address and travel details of approximately 9 million customers were accessed. These affected customers will be contacted in the next few days. If you are not contacted then your information has not been accessed.  Other than as referenced in the following paragraph, passport details and credit card details of these customers were not accessed.”

“Our forensic investigation found that, for a very small subset of customers (2,208), credit card details were accessed.   Action has already been taken to contact all of these customers and they have been offered support,” EasyJet stated in a “Notice of cyber security incident.”

Once EasyJet learned of the attack, they notified the UK’s National Cyber Security Centre and the ICO.

EasyJet states that they are notifying affected customers and that all of those affected will receive the notification by May 26th, 2020.

What should an EasyJet customer do?

If you are an EasyJet customer and are concerned you have been exposed or received a data breach notification, you should take the following steps.

As your travel information and email address have been exposed, you should be on the lookout for targeted phishing emails that utilize this info.

If you receive any emails about upcoming travel, do not reply with any sensitive information and instead go to easyjet.com to interact directly with the company.

Those whose credit card details were exposed should monitor their statements for any fraudulent activity and report anything detected immediately.

It is also suggested that you contact your credit card company, explain the situation, and request a new credit card and number to be safe.

BleepingComputer has contacted EasyJet for more information but has not heard back as of yet.

The information contained in this website is for general information purposes only. The information is gathered from Bleeping Computer, while we endeavour to keep the information up to date and correct, we make no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability, suitability or availability with respect to the website or the information, products, services, or related graphics contained on the website for any purpose. Any reliance you place on such information is therefore strictly at your own risk.  Through this website, you are able to link to other websites which are not under the control of CSIRT-CY. We have no control over the nature, content and availability of those sites. The inclusion of any links does not necessarily imply a recommendation or endorse the views expressed within them. Every effort is made to keep the website up and running smoothly. However, CSIRT-CY takes no responsibility for, and will not be liable for, the website being temporarily unavailable due to technical issues beyond our control.