EasyJet admits it was aware of ‘highly sophisticated cyber attack’ that affected 9 million customers as early as January

Sources have said that Chinese hackers are responsible for the attack on the budget airline

Adam Smith
Wednesday 20 May 2020 13:14
Comments
Ground-stop: none of easyJet's 337 Airbus aircraft are flying commercially
Ground-stop: none of easyJet's 337 Airbus aircraft are flying commercially

Budget airline easyJet was aware of the data breach, which revealed personal information of nine million customers and the credit card information of over 2,200 customers, in January.

News of the cyber attack broke yesterday, revealing that the attacker or attackers had access to the data of customers who booked flights from 17 October 2019 to 4 March 2020.

In a statement, the airline said: “We’re sorry that this has happened, and we would like to reassure customers that we take the safety and security of their information very seriously.

“There is no evidence that any personal information of any nature has been misused.”

However, while there is no evidence the data was misused, that does not mean that it cannot be misused. Experts suggest that personal information “drives a higher price on the dark web” – the area of the internet inaccessible by mainstream search engines – and could be used for organised crime or ransomed.

Two people with knowledge of the investigation have said that Chinese hackers are supposedly responsible for the hack based on similarities in hacking tools and techniques used in previous campaigns, but that has yet to be officially confirmed.

In a statement, the Information Commissioners' Office (ICO) said: “We have a live investigation into the cyber attack involving easyJet. People have the right to expect that organisations will handle their personal information securely and responsibly. When that doesn’t happen, we will investigate and take robust action where necessary.”

Under GDPR legislation, the ICO can impose a fine of 4 per cent of easyJet’s turnover in 2019, which could amount to £255m. The average total cost of a data breach is approximately £3.2m.

Cyberattacks against airlines rose by 15,000 per cent between 2017 and 2018, and are lucrative targets not only for the amount of personal information they hold but also because, during the coronavirus pandemic, many companies have been focused on simply continuing to exist.

Airlines are also more likely to rely on older, legacy software which is more likely to be out of date and therefore exploitable, experts say.

Register for free to continue reading

Registration is a free and easy way to support our truly independent journalism

By registering, you will also enjoy limited access to Premium articles, exclusive newsletters, commenting, and virtual events with our leading journalists

Please enter a valid email
Please enter a valid email
Must be at least 6 characters, include an upper and lower case character and a number
Must be at least 6 characters, include an upper and lower case character and a number
Must be at least 6 characters, include an upper and lower case character and a number
Please enter your first name
Special characters aren’t allowed
Please enter a name between 1 and 40 characters
Please enter your last name
Special characters aren’t allowed
Please enter a name between 1 and 40 characters
You must be over 18 years old to register
You must be over 18 years old to register
Opt-out-policy
You can opt-out at any time by signing in to your account to manage your preferences. Each email has a link to unsubscribe.

By clicking ‘Create my account’ you confirm that your data has been entered correctly and you have read and agree to our Terms of use, Cookie policy and Privacy notice.

This site is protected by reCAPTCHA and the Google Privacy policy and Terms of service apply.

Already have an account? sign in

By clicking ‘Register’ you confirm that your data has been entered correctly and you have read and agree to our Terms of use, Cookie policy and Privacy notice.

This site is protected by reCAPTCHA and the Google Privacy policy and Terms of service apply.

Register for free to continue reading

Registration is a free and easy way to support our truly independent journalism

By registering, you will also enjoy limited access to Premium articles, exclusive newsletters, commenting, and virtual events with our leading journalists

Already have an account? sign in

By clicking ‘Register’ you confirm that your data has been entered correctly and you have read and agree to our Terms of use, Cookie policy and Privacy notice.

This site is protected by reCAPTCHA and the Google Privacy policy and Terms of service apply.

Join our new commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in