Connect with us

Hi, what are you looking for?


Budget airline EasyJet suffers major data breach (Includes interview)

According to the BBC, EasyJet has announced that a cyberattack” has affected approximately nine million of its customers. Some customers have been hit more significantly than others, with email addresses and travel details being copied, plus, for 2,208 customers, they have had their credit card details “accessed”.

The incident took place in January 2020, although the airline is only now beginning to notify customers, as The Daily Telegraph reports.

While EasyJet has stated that there is no evidence that information has been misused yet, given the breadth of data that airlines hold, follow-up phishing attacks could be damaging., according to Bitglass CTO Anurag Kahol. He tells Digital Journal that details as to how the breach occurred have yet to be declared. The company has alerted the UK’s Information Commissioner’s Office and National Cyber Security Centre (NCSC) as well as hired an expert to look into the breach.

According to Kahol, this sector of the economy is “extremely attractive target to cybercriminals, as they can collect and store personally identifiable information (PII) on billions of passengers every year, including passport numbers, credit card information, email addresses and much more. In this easyJet incident, millions of passenger email addresses and travel details, along with thousands of credit card numbers were compromised.”

With the specific attack, he notes: “Although the airline stated that there’s no evidence of the data being misused, bad actors could leverage this information to launch sophisticated phishing attacks against those impacted to gather even more sensitive. Additionally, hackers could sell or leak the credit card information on the dark web for others to commit financial fraud.”

In terms of the implications, Kahol says: “It’s unclear at this time how the hackers infiltrated EasyJet’s systems, but the company says it was a ‘highly sophisticated’ attack, illustrating that cybercriminals are constantly advancing their attack methods. As such, companies must have full visibility and control over their data by implementing tools that detect and remediate misconfigurations, enforce real-time access control, encrypt sensitive data at rest, manage the sharing of data with external parties, and prevent the leakage of sensitive information.”

Written By

Dr. Tim Sandle is Digital Journal's Editor-at-Large for science news. Tim specializes in science, technology, environmental, and health journalism. He is additionally a practising microbiologist; and an author. He is also interested in history, politics and current affairs.

You may also like:


At petrol stations across London, southeast England and beyond, motorists hoping to fill up their tanks were met with taped off pumps, and signs...


Some 1.6 million imitation guns have been sold in Colombia in the last 12 years - Copyright POOL/AFP/File Andrew HarnikHervé BarOne can buy them...


High levels of illegal drugs have been found in a river running through Britain's Glastonbury music festival site.


Plucky Danish students braved a snowstorm in remote Jutland to snare an exclusive with Lennon and Yoko Ono for their school paper. — ©...