The UK-based budget airline EasyJet told investors earlier today that it’d suffered a “highly sophisticated” cyberattack that compromised the credit card details of more than two thousand customers—not to mention the itinerary info for millions more.
In a statement posted to the company’s corporate site by the EasyJet board, they describe how the staff “[takes] issues of security extremely seriously,” and that they staunched any unauthorized access as soon as they were made aware. By then, according to the notice, the “email addresses and travel details” for roughly nine million customers were already compromised. For just over 2.2 thousand customers, those details also included info from their credit cards and passports.
“Action has already been taken to contact all of these customers and they have been offered support,” the statement explains, adding that the nine million will be contacted over the next few days if their intel was part of the initial breach.
The statement goes on to say that while they don’t have evidence that any of this intel has been used for nefarious purposes (yet), these nine million will be advised to take “protective steps” to minimize any chance that they could be caught up in potential phishing schemes.
Cyberattacks of all sorts have been on the rise amid the coronavirus pandemic, and the travel industry’s certainly seen its fair share of attacks over the past few months. This past March, the multibillion-dollar cruise line Carnival Corp was slammed with a major breach that compromised everything from passengers’ names and emails to their social security numbers. Not long after, the major hotel chain Marriott revealed that over five million of its guests were caught up in a similar breach.
According to the EasyJet statement, the breach is currently under investigation by UK cyber authorities, including the region’s data watchdog, the Information Commissioner’s Office. Last year, the ICO announced that it intended to fine British Airways a whopping £183 million—or roughly $230 million USD—after a massive data breach compromised the details for hundreds of thousands of its customers.
“People have the right to expect that organizations will handle their personal information securely and responsibly,” an ICO spokesperson said in a statement to Reuters earlier today. “When that doesn’t happen, we will investigate and take robust action where necessary.”