Connect with us

Hi, what are you looking for?


Budget airline EasyJet suffers major data breach (Includes interview)

According to the BBC, EasyJet has announced that a cyberattack” has affected approximately nine million of its customers. Some customers have been hit more significantly than others, with email addresses and travel details being copied, plus, for 2,208 customers, they have had their credit card details “accessed”.

The incident took place in January 2020, although the airline is only now beginning to notify customers, as The Daily Telegraph reports.

While EasyJet has stated that there is no evidence that information has been misused yet, given the breadth of data that airlines hold, follow-up phishing attacks could be damaging., according to Bitglass CTO Anurag Kahol. He tells Digital Journal that details as to how the breach occurred have yet to be declared. The company has alerted the UK’s Information Commissioner’s Office and National Cyber Security Centre (NCSC) as well as hired an expert to look into the breach.

According to Kahol, this sector of the economy is “extremely attractive target to cybercriminals, as they can collect and store personally identifiable information (PII) on billions of passengers every year, including passport numbers, credit card information, email addresses and much more. In this easyJet incident, millions of passenger email addresses and travel details, along with thousands of credit card numbers were compromised.”

With the specific attack, he notes: “Although the airline stated that there’s no evidence of the data being misused, bad actors could leverage this information to launch sophisticated phishing attacks against those impacted to gather even more sensitive. Additionally, hackers could sell or leak the credit card information on the dark web for others to commit financial fraud.”

In terms of the implications, Kahol says: “It’s unclear at this time how the hackers infiltrated EasyJet’s systems, but the company says it was a ‘highly sophisticated’ attack, illustrating that cybercriminals are constantly advancing their attack methods. As such, companies must have full visibility and control over their data by implementing tools that detect and remediate misconfigurations, enforce real-time access control, encrypt sensitive data at rest, manage the sharing of data with external parties, and prevent the leakage of sensitive information.”

Avatar photo
Written By

Dr. Tim Sandle is Digital Journal's Editor-at-Large for science news. Tim specializes in science, technology, environmental, business, and health journalism. He is additionally a practising microbiologist; and an author. He is also interested in history, politics and current affairs.

You may also like:

Tech & Science

The answer really is blowing in the wind, and it’s killing people.


The mix of topics is a major part of the appeal. So is the opportunity to have genuine conversations.

Tech & Science

Bitzlato was a China-based cryptocurrency exchange - Copyright AFP/File OLIVIER MORINThe Russian founder of the Bitzlato cryptocurrency exchange pleaded guilty on Wednesday to operating...


A third presidential term for Abdel Fattah al-Sisi is a certainty - Copyright AFP Khaled DESOUKIEgypt is gearing up this month for a presidential...