Cyber hackers access details of 9 million EasyJet customers

Cyber hackers target EasyJet and access details of 9million customers in ‘highly sophisticated’ attack

  • Airline said email addresses and travel details of 9million people were accessed
  • Of those affected, 2,208 had credit cards stolen, easyJet told stock exchange 
  • Risk of phishing fraud and number of cyber attacks have risen during pandemic 

EasyJet has been the target of a major cyber attack targeting 9million customers and stealing the credit card details of 2,208 people.

The troubled airline said that the email addresses and travel details of 9million customers were accessed by cyber hackers.

It said other than those people, the passport and credit card details of the balance were not accessed and it had closed the online channels affected by the attack.  

EasyJet has not confirmed when the cyber attack occurred, when it was identified and how long the ‘highly sophisticated’ hack lasted before detection.

EasyJet said the email addresses and travel details of 9million customers were accessed, and 2,208 people had credit card details stolen (pictured, Airbus A320 planes in Berlin, 2018)

In a statement to the stock market, it said: ‘There is no evidence that any personal information of any nature has been misused, however… we are communicating with the approximately 9million customers whose travel details were accessed to advise them of protective steps to minimise any risk of potential phishing’.   

‘We take issues of security extremely seriously and continue to invest to further enhance our security environment,’ a spokesperson added. 

‘EasyJet is in the process of contacting the relevant customers directly and affected customers will be notified no later than the 26th of May.’ 

EasyJet said it had notified the Information Commissioner’s Office (ICO), the data regulator, and the National Cyber Security Centre. 

CEO Johan Lundgren

Sir Stelios Haji-Ioannou

Sir Stelios Haji-Ioannou (right), the airline’s founder and biggest shareholder, is seeking to remove CEO Johan Lundgren (left) and three other board members this Friday

Cyber hacks on airlines increased 15,000 per cent in 2017-18 

Attacks against passenger airlines increased by over 15,000 per cent between 2017 and 2018, according to research done by Netscout.  

Hardik Modi, Netscout’s senior director for threat intelligence, says this could be because airlines are easy targets.

‘Cybercriminals have traditionally concentrated attacks on internet service providers, telecoms and cable operators. While those categories still represent prime targets, they are now relatively well-protected,’ Modi said.

In September 2018, British Airways suffered a cyber attack on its systems. Personal details, including payment data and addresses, were compromised by the hack, according to the ICO’s findings.

Last October, the High Court ruled that 500,000 BA customers affected could sue BA over the data breach. 

In May 2018, Cathay Pacific Airways was hit by a ‘brute force’ attack with numerous passwords submitted in the hope of guessing correctly. Hackers stole passport numbers, emails and dates of birth from 9.4 million passengers including 111,000 Britons.

Last March, Cathay Pacific was today hit by a £500,000 fine by the ICO for the massive data breach.

The ICO has recommended easyJet contact everyone affected because of an increased risk of phishing fraud during the coronavirus crisis. 

EasyJet chief executive Johan Lundgren said in a statement: ‘Since we became aware of the incident, it has become clear that owing to Covid-19 there is heightened concern about personal data being used for online scams.

‘As a result, and on the recommendation of the ICO, we are contacting those customers whose travel information was accessed and we are advising them to be extra vigilant, particularly if they receive unsolicited communications.’ 

EasyJet’s disclosure comes as its leadership battles a number of challenges including the turbulence caused by the coronavirus pandemic.

Sir Stelios Haji-Ioannou’s family, the airline’s founder and biggest shareholder, is seeking to remove Mr Lundgren and three other board members this Friday.

A shareholder vote will take place amid a row over a £4.5billion order for new planes from Airbus which Sir Stelios is demanding should be scrapped. 

The company has also furloughed thousands of staff and borrowed £600million of taxpayer money under a government bailout scheme. 

Hackers have stepped up their efforts to target major companies and the data they hold on customers. 

British Airways was hit in 2018 with the theft of credit card details of hundreds of thousands of its customers, while Cathay Pacific was also hit. 

Hacking and detection firm Redscan CEO Mike Fenton told MailOnline: ‘These are already turbulent times for all companies within the aviation industry but the situation has just got significantly worse for easyJet. 

‘To add to the company’s woes, it is now having to explain how the personal records of 9million customers were able to be accessed. 

‘The ICO will be amongst the interested parties keen to know whether the company had appropriate protections in place to safeguard it.

‘When it comes to cyber security, the airline industry doesn’t have a great record. The British Airways breach in 2018 should have been a wake-up call and passenger confidence is likely to be at an all-time low after this.’