British airline EasyJet announced that a “highly sophisticated” cyber-attack exposed email addresses and travel details of around 9 million of its customers.
“Following discussions with the Information Commissioner’s Office (“ICO”), the Board of easyJet announces that it has been the target of an attack from a highly sophisticated source.” reads a statement from the company. “Our investigation found that the email address and travel details of approximately 9 million customers were accessed.”
According to the company, hackers also accessed a small subset of customers and obtained credit card details for 2,208 of them, no passport details were exposed.
“Our forensic investigation found that, for a very small subset of customers (2,208), credit card details were accessed.” continues the company.
At the time of writing the airline did not disclose details of the security breach, it is not clear when the incident took place and how EasyJet discovered the intrusion.
EasyJet conducted a forensic investigation and once identifies the unauthorized access has locked it.
The airline reported the incident to the Information Commissioner’s Office (“ICO”), the good news is that the company is not aware of any attack in the wild that abused the stolen information.
EasyJet is still investigating the security breach.
“We take the cybersecurity of our systems very seriously and have robust security measures in place to protect our customers’ personal information. However, this is an evolving threat as cyber attackers get ever more sophisticated,” says EasyJet Chief Executive Officer Johan Lundgren.
“Since we became aware of the incident, it has become clear that owing to COVID-19, there is heightened concern about personal data being used for online scams. Every business must continue to stay agile to stay ahead of the threat.”
The airline has started notifying the incident to all the impacted customers and is recommending them to be “extra vigilant, particularly if they receive unsolicited communications.”
According to the Reuters that cited two people familiar with the investigation, hacking tools and techniques used by attackers point to a group of suspected Chinese hackers that targeted multiple airlines in recent months.
Italian friends could read my interview with Italian State Broadcast Television RAI:
(SecurityAffairs – EasyJet, hacking)