British airline EasyJet hacked, customer data leaked

[German] British airline EasyJet was the victim of a cyber attack. The attackers were able to extract customer data (such as e-mail addresses, travel data) from around nine million customers. There were also 2,000 credit card records among them. Addendum: The hack was bigger as confirmed earlier.


Advertising

EasyJet announced this security incident in a statement, dated May 19, 2020. Here is the text.

Following discussions with the Information Commissioner's Office ("ICO"), the Board of easyJet announces that it has been the target of an attack from a highly sophisticated source. As soon as we became aware of the attack, we took immediate steps to respond to and manage the incident and engaged leading forensic experts to investigate the issue.  We also notified the National Cyber Security Centre and the ICO. We have closed off this unauthorised access.

Our investigation found that the email address and travel details of approximately 9 million customers were accessed. These affected customers will be contacted in the next few days. If you are not contacted then your information has not been accessed.  Other than as referenced in the following paragraph, passport details and credit card details of these customers were not accessed.

Our forensic investigation found that, for a very small subset of customers (2,208), credit card details were accessed.   Action has already been taken to contact all of these customers and they have been offered support.

EasyJet write, that 'security issues are taken extremely seriously and that investments are being made to further improve the security environment'. According to EasyJet, there is no indication that any personal information has been misused (see my addendum below). The company will inform the 9 million customers whose travel data has been viewed about the hack in the next days. And they provide hints to minimize the risk of possible phishing. The memo advises customers to remain vigilant when receiving unsolicited mails. This includes mails that purport to come from easyJet or easyJet Holidays.

Signs since January 2020

BBC reported in this article, that EasyJet first became aware of the attack in January 2020. I received this following tweet from British security researcher Kevin Beaumont via Twitter.

Someone there complains that he has not received any assistance from EasyJet, after his account has been hacked. He said he's gonna be claiming his balance next week from an account that's been hacked now. The user requested a 60-day cancellation via a contact form and received no response. I don't know, whether this case is related to the hack above. Whether the data protection authorities (ICO) were informed promptly about the cyber attack is probably also questionable.


Advertising

The Hack was bigger as admitted first

Addendum: The hack was probably bigger than first admitted. According to this article not only the name and e-mail address were retrieved. The hackers could access the travel details of easyJet flights or easyJet holidays booked between 17 October 2019 and 4 March 2020. This can be seen from the following text, which was sent by e-mail to those affected.

Our investigation found that your name, email address, and travel details were accessed for the easyJet flights or easyJet holidays you booked between 17th October 2019 and 4th March 2020. Your passport and credit card details were not accessed, however information including where you were travelling from and to, your departure date, booking reference number, the booking date and the value of the booking were accessed.

We are very sorry this has happened.

Recipients are warned of phishing attacks that could occur with and based on the captured data.


Advertising

This entry was posted in Security and tagged , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

Note: Please note the rules for commenting on the blog (first comments and linked posts end up in moderation, I release them every few hours, I rigorously delete SEO posts/SPAM).