EasyJet hack
The EasyJet hack was a cyberattack on the computer systems of EasyJet.[1][2]
Discovery
EasyJet first learned of the cyberattack at the end of January 2020.[1][2] Approximately nine million people were affected with the credit card details of 2,208 also accessed.[1] They notified the Information Commissioner's Office while they are investigating the crime.[1]
Public admission
EasyJet publicly announced the attack in May 2020.[1] They told the BBC that they were only able to notify customers whose details were stolen in April 2020.[1] EasyJet said "This was a highly sophisticated attacker. It took time to understand the scope of the attack and to identify who had been impacted" to the BBC.[1] They also said "We could only inform people once the investigation had progressed enough that we were able to identify whether any individuals have been affected, then who had been impacted and what information had been accessed."[1]
The affected data covers bookings made from 17 October 2019 to 4 March 2020.[2]
The stolen credit card details include the Card security code.[1]
EasyJet said they had gone public to notify the nine million customers whose email addresses had been accessed to beware of phishing attacks and that it would notify everybody by 26 May.[1] Passengers whose credit card details were accessed were notified in April.[2] They did not reveal details of the attack but said it seemed to be aimed at "company intellectual property" rather than information that could be used in identity theft.[1]
EasyJet was not obliged to notify passengers whose basic booking details were compromised but they announced the details because of an increase in phishing attacks during the COVID-19 pandemic.[2] Passport details were not accessed.[2]
The Information Commissioner's Office said they were investigating.[1] The ICO said "People have a right to expect that organisations will handle their personal information securely and responsibly. When that doesn't happen, we will investigate and take robust action where necessary."[1]
GDPR requires companies to store personal details securely and EasyJet could face fines from the ICO of 4% of the airlines's turnover in 2019.[2]
References
- ↑ 1.00 1.01 1.02 1.03 1.04 1.05 1.06 1.07 1.08 1.09 1.10 1.11 1.12 Wakefield, Jane (19 May 2020). "EasyJet admits data of nine million hacked". BBC News. https://www.bbc.com/news/technology-52722626.
- ↑ 2.0 2.1 2.2 2.3 2.4 2.5 2.6 Calder, Simon (19 May 2020). "EasyJet hack: what does it mean for me and my personal data?". The Independent. https://www.independent.co.uk/travel/news-and-advice/easyjet-data-hack-news-cyber-attack-passengers-personal-information-a9522241.html.
See also
 |
