EasyJet Data Breach Impacts Nine Million Customers

Filed Under: Other Airlines

EasyJet has today reported a massive data breach, which could prove costly for the airline.

EasyJet’s cyber security incident

It has been announced that EasyJet was the target of an attack from a “highly sophisticated source.” The airline has disclosed the incident to the Information Commissioner’s Office (ICO), and has taken steps to respond to and manage the incident by engaging forensic experts to investigate the breach.

EasyJet’s investigation has found that the email addresses and travel details of approximately nine million customers were accessed. The airline says that customers who were impacted will be contacted no later than May 26, 2020.

The airline also found that for 2,208 customers, credit card details were accessed. The airline has already contacted all those customers who were impacted by that, and has offered support.

The airline notes that there’s no evidence that personal information of any nature has been misused, though the airline is still contacting impacted customers to advise them of protective steps that can be taken to minimize any risk of potential phishing.

In particular, the airline is advising customers to be alert of any unsolicited communications, and to be cautious of any communication purporting to come from EasyJet or EasyJet Holidays.

EasyJet could be looking at a huge fine

With GDPR in the UK, companies can face massive fines for any security breaches, which can total up to 4% of annual turnover. The biggest ever fine was a £500,000 fine to Facebook.

When it comes to travel brands, some may recall that after British Airways’ data breach, the airline was looking at a fine of up to £183m, equal to roughly 1.5% of turnover. Meanwhile for Marriott’s data breach, the company was looking at a fine of up to £99 million.

We’ll have to wait and see what kind of a fine is decided on for EasyJet, if any.

Bottom line

EasyJet has revealed a huge data breach that involves about nine million customers, though fortunately credit card details were stolen for just over 2,200 people, which is a small percentage of customers impacted.

Those with a credit card breach should have already been contacted, while others should be contacted by May 26.

  1. Interesting, how to bankrupt an airline.

    Hack them during COVID-19!!
    The fines are more than enough to destroy liquidity. Could this be foul play by Ryanair or IAG????

  2. @Eskimo interesting idea but they said it was an attack from a “highly sophisticated source.” Given the parlous state of BA’s IT, I can’t imagine they can even spell cyberattack, let alone execute one.

  3. @Belilinda

    Or they could just hire someone?
    Willie Walsh maybe, but I seriously won’t rule out Michael O’Leary for hiring hackers that’s for sure. Or maybe it was Richard Branson.

  4. EasyJet originally quoted that if my flight was cancelled I can change it to “any flight across our network.”
    After my flight my cancelled they adjusted the terms and conditions to “Within Europe”
    Is that legal? Can they adjust the terms of sale after sale is complete? And after it got cancelled?

Leave a Reply

If you'd like to participate in the discussion, please adhere to our commenting guidelines. Your email address will not be published. Required fields are marked *