Connect with us

Hi, what are you looking for?

Life

Budget airline EasyJet suffers major data breach (Includes interview)

According to the BBC, EasyJet has announced that a cyberattack” has affected approximately nine million of its customers. Some customers have been hit more significantly than others, with email addresses and travel details being copied, plus, for 2,208 customers, they have had their credit card details “accessed”.

The incident took place in January 2020, although the airline is only now beginning to notify customers, as The Daily Telegraph reports.

While EasyJet has stated that there is no evidence that information has been misused yet, given the breadth of data that airlines hold, follow-up phishing attacks could be damaging., according to Bitglass CTO Anurag Kahol. He tells Digital Journal that details as to how the breach occurred have yet to be declared. The company has alerted the UK’s Information Commissioner’s Office and National Cyber Security Centre (NCSC) as well as hired an expert to look into the breach.

According to Kahol, this sector of the economy is “extremely attractive target to cybercriminals, as they can collect and store personally identifiable information (PII) on billions of passengers every year, including passport numbers, credit card information, email addresses and much more. In this easyJet incident, millions of passenger email addresses and travel details, along with thousands of credit card numbers were compromised.”

With the specific attack, he notes: “Although the airline stated that there’s no evidence of the data being misused, bad actors could leverage this information to launch sophisticated phishing attacks against those impacted to gather even more sensitive. Additionally, hackers could sell or leak the credit card information on the dark web for others to commit financial fraud.”

In terms of the implications, Kahol says: “It’s unclear at this time how the hackers infiltrated EasyJet’s systems, but the company says it was a ‘highly sophisticated’ attack, illustrating that cybercriminals are constantly advancing their attack methods. As such, companies must have full visibility and control over their data by implementing tools that detect and remediate misconfigurations, enforce real-time access control, encrypt sensitive data at rest, manage the sharing of data with external parties, and prevent the leakage of sensitive information.”

Avatar photo
Written By

Dr. Tim Sandle is Digital Journal's Editor-at-Large for science news. Tim specializes in science, technology, environmental, business, and health journalism. He is additionally a practising microbiologist; and an author. He is also interested in history, politics and current affairs.

You may also like:

Business

The Government of Alberta today introduced a strategy to establish itself as North America's premier destination for AI data centres.

World

The world of cryptocurrency. — © Digital JournalBitcoin broke the $100,000 mark for the first time Thursday on hopes US president-elect Donald Trump will...

Business

Palmer Luckey, a co-founder of Oculus VR, went on to co-found defense technology firm Anduril Industries after Facebook bought Oculus for $2 billion in...

Business

The OPEC oil cartel and its allies are expected to extend their supply cuts to avoid a sharp drop in prices.