Not only do we have to worry about the spread of COVID-19 while traveling, we also have to worry about our data being compromised…
EasyJet Data Breach
Welcome back everyone for another joyous Friday in quarantine! This week, another airline company faces a massive data breach putting millions of customers at risk.
This week, UK based budget travel airline, EasyJet notified customers of a recent data breach. The company claims to be a victim of a sophisticated cyber attack, and is currently working with forensic experts to clear up the attack.
Continuing, EasyJet released a statement and or letter to customers and the public regarding the breach. To see the entire letter, click the link here.
EasyJet Data Breach Notice to Customers Analysis
To begin, the notices opens with the line of recognition, stating the attack.
Following discussions with the Information Commissioner’s Office (“ICO”), the Board of easyJet announces that it has been the target of an attack from a highly sophisticated source. As soon as we became aware of the attack, we took immediate steps to respond to and manage the incident and engaged leading forensic experts to investigate the issue. We also notified the National Cyber Security Centre and the ICO. We have closed off this unauthorized access.
The company claims that immediate action took place in order to gain control of the issue. Following the introductory statement, EasyJet references the damage and amount of customer information put at risk.
Our investigation found that the email address and travel details of approximately 9 million customers were accessed. These affected customers will be contacted in the next few days. If you are not contacted then your information has not been accessed.
Further, to make matters worse the credit card information of a few thousand customers also fell into the scope of attack. The airline claims to already be on top of contacting and helping those affected.
After touching on how dearly they hold cyber security, they then go on to mention what happened to the breached information. EasyJet claims they have not come across any misuse of the breached data, but advises customers to stay vigilant.
There is no evidence that any personal information of any nature appears to be misused, however, on the recommendation of the ICO, we are communicating with the approximately 9 million customers whose travel details became accessible to advise them of protective steps to minimize any risk of potential phishing.
We are advising customers to continue to be alert as they would normally be, especially should they receive any unsolicited communications. We also advise customers to be cautious of any communications purporting to come from easyJet or easyJet Holidays.
Getting to the Point
To wrap it all up, the airline once again apologizes for the breach and lets customers know where they can find support.
We’re sorry that this has happened, and we would like to reassure customers that we take the safety and security of their information very seriously.
Customers can also find further advice at www.actionfraud.police.co.uk
To view the notice from EasyJet in its entirety, please click here.
Future Steps for EasyJet
All in all, the ball is now in EasyJet’s court. Working with forensic investigations and cyber security analysts will definitely be on the agenda. The company will want to work on resolving the issue, and rebuilding customer trust.
Data breaches not only affect the technical infrastructure of a company, but the relationship with their customers and the public. Trusting a company with your personal and financial information is not something to mess around with.
Every business must continue to stay agile to stay ahead of the threat. We will continue to invest in protecting our customers, our systems, and our data.
Another statement from EasyJet, in hopes to help smooth over the situation and reassure the public.
Will it work? Maybe. Will they be investing, updating and building on their cybersecurity infrastructure after this? Most definitely.
By Taylor Ritchey