EasyJet has today reported a massive data breach, which could prove costly for the airline.
EasyJet’s cyber security incident
It has been announced that EasyJet was the target of an attack from a “highly sophisticated source.” The airline has disclosed the incident to the Information Commissioner’s Office (ICO), and has taken steps to respond to and manage the incident by engaging forensic experts to investigate the breach.
EasyJet’s investigation has found that the email addresses and travel details of approximately nine million customers were accessed. The airline says that customers who were impacted will be contacted no later than May 26, 2020.
The airline also found that for 2,208 customers, credit card details were accessed. The airline has already contacted all those customers who were impacted by that, and has offered support.
The airline notes that there’s no evidence that personal information of any nature has been misused, though the airline is still contacting impacted customers to advise them of protective steps that can be taken to minimize any risk of potential phishing.
In particular, the airline is advising customers to be alert of any unsolicited communications, and to be cautious of any communication purporting to come from EasyJet or EasyJet Holidays.
EasyJet could be looking at a huge fine
With GDPR in the UK, companies can face massive fines for any security breaches, which can total up to 4% of annual turnover. The biggest ever fine was a £500,000 fine to Facebook.
When it comes to travel brands, some may recall that after British Airways’ data breach, the airline was looking at a fine of up to £183m, equal to roughly 1.5% of turnover. Meanwhile for Marriott’s data breach, the company was looking at a fine of up to £99 million.
We’ll have to wait and see what kind of a fine is decided on for EasyJet, if any.
EasyJet has revealed a huge data breach that involves about nine million customers, though fortunately credit card details were stolen for just over 2,200 people, which is a small percentage of customers impacted.
Those with a credit card breach should have already been contacted, while others should be contacted by May 26.