Nine million easyJet customers have had their data stolen in a “highly sophisticated cyber attack”.
The budget airline said that criminal hackers accessed a database containing email addresses and travel details. The credit card details of 2,208 customers were also compromised.
The organisation has informed the ICO (Information Commissioner’s Office), which is set to investigate the incident and determine whether the airline violated the GDPR (General Data Protection Regulation).
Those affected should expect to be contacted by easyJet by 26 May.
Victims should be concerned about phishing
As with many cyber attacks, the danger is not simply fraud – although that will be a primary concern for the customers whose financial data has been stolen – but also phishing.
Armed with millions of customers’ email addresses, the criminal hackers (or whoever they sell the information to) will be able to send bogus messages supposedly from easyJet.
These messages might include an infected attachment or a link to a mock-up of easyJet’s website, with the intention of getting people to hand over their login details.
With this information, the criminals would be able to access details on victims’ accounts, such as their name, address and payment card details.
As Ray Walsh, a digital privacy expert at ProPrivacy, points out, the uncertainty surrounding the coronavirus pandemic presents an ideal opportunity for phishing.
“Anybody who has ever purchased an easyJet flight is advised to be extremely wary when opening emails from now on,” he said.
“Phishing emails that leverage data stolen during the attack could be used as an attack vector at any point in the future.
“As a result, it is important for customers to be vigilant whenever they receive unsolicited emails or emails that appear to be from easyJet, as these could be fake emails which link to cloned websites designed to steal your data.”
Protect your staff from phishing attacks
There has been a surge in phishing emails during the lockdown, with cyber criminals exploiting the uncertainty surrounding the pandemic and scamming Britons out of more than £3.5 million.
If you’re worried about your employees’ ability to identify a scam email, you should take a look at our Coronavirus Phishing Attack Simulation.
This service gives you a clear picture of exactly how prepared your workforce is for a phishing email, as we send a targeted scam message to your team (minus the malicious payload, of course).
When the test is complete, we’ll provide you with a detailed report of our findings along with guidance on how to address the issues found.