Details on EasyJet data breach
British budget airline easyJet said on Tuesday, 19/05/2020 hackers had accessed the email and travel details of around 9 million customers, and the credit card details of more than 2,000 of them, in a “highly sophisticated” attack.
“There is no evidence that any personal information of any nature has been misused, however … we are communicating with the approximately 9 million customers whose travel details were accessed to advise them of protective steps to minimise any risk of potential phishing,” it said.
The airline, which has grounded most of its flights due to the COVID-19 pandemic and is locked in a long-running battle with its founder and biggest shareholder, said it did not look like any personal information had been misused.
“We take issues of security extremely seriously and continue to invest to further enhance our security environment,” it said in a statement to the stock exchange. The company said it had engaged leading forensic experts to investigate the issue. It has also notified the Information Commissioner’s Office and the National Cyber Security Centre.
Hackers have stepped up their efforts to target major companies and the data they hold on customers. British Airways was hit in 2018 with the theft of credit card details of hundreds of thousands of its customers, while Cathay Pacific was also hit.
I believe the hackers gained access to EasyJet system because of COVID-19 work from home. EasyJet Airline did not follow the procedure to encrypt to their employee system that are working from home. These gave the hackers the open-hole to leverage their attack.
Secondly, may be email phishing, unsuspected openly of email attachment since most of their staff are working from home because of COVID-19 lock down.
Sources claim that the cyber attack is linked to Chinese hackers.