According to the BBC, EasyJet has announced that a cyberattack” has affected approximately nine million of its customers. Some customers have been hit more significantly than others, with email addresses and travel details being copied, plus, for 2,208 customers, they have had their credit card details “accessed”.
The incident took place in January 2020, although the airline is only now beginning to notify customers, as The Daily Telegraph reports.
While EasyJet has stated that there is no evidence that information has been misused yet, given the breadth of data that airlines hold, follow-up phishing attacks could be damaging., according to Bitglass CTO Anurag Kahol. He tells Digital Journal that details as to how the breach occurred have yet to be declared. The company has alerted the UK’s Information Commissioner’s Office and National Cyber Security Centre (NCSC) as well as hired an expert to look into the breach.
According to Kahol, this sector of the economy is “extremely attractive target to cybercriminals, as they can collect and store personally identifiable information (PII) on billions of passengers every year, including passport numbers, credit card information, email addresses and much more. In this easyJet incident, millions of passenger email addresses and travel details, along with thousands of credit card numbers were compromised.”
With the specific attack, he notes: “Although the airline stated that there’s no evidence of the data being misused, bad actors could leverage this information to launch sophisticated phishing attacks against those impacted to gather even more sensitive. Additionally, hackers could sell or leak the credit card information on the dark web for others to commit financial fraud.”
In terms of the implications, Kahol says: “It’s unclear at this time how the hackers infiltrated EasyJet’s systems, but the company says it was a ‘highly sophisticated’ attack, illustrating that cybercriminals are constantly advancing their attack methods. As such, companies must have full visibility and control over their data by implementing tools that detect and remediate misconfigurations, enforce real-time access control, encrypt sensitive data at rest, manage the sharing of data with external parties, and prevent the leakage of sensitive information.”