England-based airline EasyJet admitted that a high-level attack exposed the data of around 9 million users, said The New York Times. Information revealed includes travel plans, contact details, and some financial credentials.
In a statement released by the airline, the issue has been taken care of and that the breach has been closed off. The company also conducted an investigation to determine the extent of the attack. The inquiry found that 2,208 customers for their credit card details are stolen.
For the rest of the victim, the attackers were able to extract their email addresses and itineraries. EasyJet gave the assurance that passport info has not been compromised. According to the airline, affected customers would be informed of the matter by May 26.
Tech Crunch noted that the airline did not disclose when the incident happened. It also did not release details on how it happened.
Regarding EasyJet’s commitment to data security, Chief Executive Officer Johan Lundgren said, “We take cybersecurity of our systems very seriously and have robust security measures in place to protect our customers’ personal information.”
To address the issue, the company has been in touch with the British Government’s National Cyber Security Centre and the Information Commissioner’s Office. These agencies are tasked with helping companies seal with computer security and evaluating data breaches.
According to Tech Crunch, companies involved in such incidents are given 72 hours to notify regulatory agencies. This rule is implemented under European data protection laws.
Lundgren explained that the attack occurred as criminals “get ever more sophisticated.” The CEO also told customers to “be extra vigilant, particularly if they receive unsolicited communications.”
Such warnings came in light of the virus pandemic. Experts are wary that stolen data may be used for online scams and identity theft.
The Tech Crunch report also noted that the aviation industry, including airlines, has taken a hard hit because of the pandemic. EasyJet is reported to be one of the first companies to seek help from the United Kingdom government in order to avoid financial collapse.
Meanwhile, The New York Times said that this is not the first incident of data theft involving airlines. Cathay Pacific was also in a similar situation in 2018 when a cyberattack exposed the info of 9.4 million customers.
British Airways also underwent the same ordeal when hackers victimized around 500,00 customers in 2019. The Information Commissioner’s Office said that this airline will be fined if more than GBP 230 million.