Easyjet Cyber- breach affected around 9 million customers.
Details have emerged this month that email addresses, travel details and in some cases, credit and debit card information, have been stolen from this very renowned company.
Easyjet have informed and is working closely with the UK’s information Commissioners Office (ICO) during the on-going investigation.
EasyJet first became aware of the attack in January, but it was only able to start informing customers about the breach in April. The reason being that it was such a highly sophisticated attack, so it took time to unravel and find who had been impacted.
"We could only inform people once the investigation had progressed enough that we were able to identify whether any individuals have been affected, then who had been impacted and what information had been accessed."
In some cases, even the CVV number on the backs of credit cards had been stolen, along with the other credit card data.
Easyjet have now owned up to the breach and have warned nine million customers whose email address information has been accessed to alert them to ‘Phishing’ Attacks. (Phishing attempts - which see criminals sending emails with links to fake web pages that steal personal data - have risen exponentially during the coronavirus crisis)
All affected customers should have been notified by Easyjet if any of their personal details had been infiltrated by 26 May.
The nature or motives for the attacks are not yet confirmed, but suggestions are that the cyber-criminals were trying to target ‘company intelligence’ property, rather than personal data to use in Identity thefts. So far, there is no evidence to reveal that information has been misused in any way, but the ICO has recommended to make contact with the 9 million customers and inform them to take appropriate security steps to minimise the risks of possible phishing attacks, advising extreme vigilance when receiving any communications that profess to come from Easyjet or Easjet Holidays.
The ICO stated that the investigation was on-going. They also said:
"People have a right to expect that organisations will handle their personal information securely and responsibly. When that does not happen, we will investigate and take robust action where necessary."
What Should You Do?
If this may include you, consider taking these steps to help safeguard your personal information immediately, and to maintain your sense of online privacy.
- Change all passwords, email or otherwise, associated with the affected account.
- Use a combination of uppercase and lowercase letters, symbols, and numbers.
- Monitor your financial accounts and report any suspicious activity.
- This breach is a reminder that you should regularly review your credit card and bank statements, looking for unfamiliar activity. If you see a transaction that isn't yours — no matter how small — contact your financial institution immediately to let them know.
- Beware of websites offering to check if you were affected by the breach, as it may be a trick to steal your personal information. Use Norton™ Safe Web, a free service from Norton that can help safely check a website's reputation.
- Also, keep in mind that it can be safer to use credit cards instead of debit cards when making purchases. Why? Debit cards can give fraudsters direct access to the money in your checking account. With a credit card, the transaction doesn't directly involve your bank account.