EasyJet Data Breach Impacts Nine Million Customers

EasyJet Data Breach Impacts Nine Million Customers

7

EasyJet has today reported a massive data breach, which could prove costly for the airline.

EasyJet’s cyber security incident

It has been announced that EasyJet was the target of an attack from a “highly sophisticated source.” The airline has disclosed the incident to the Information Commissioner’s Office (ICO), and has taken steps to respond to and manage the incident by engaging forensic experts to investigate the breach.

EasyJet’s investigation has found that the email addresses and travel details of approximately nine million customers were accessed. The airline says that customers who were impacted will be contacted no later than May 26, 2020.

The airline also found that for 2,208 customers, credit card details were accessed. The airline has already contacted all those customers who were impacted by that, and has offered support.

The airline notes that there’s no evidence that personal information of any nature has been misused, though the airline is still contacting impacted customers to advise them of protective steps that can be taken to minimize any risk of potential phishing.

In particular, the airline is advising customers to be alert of any unsolicited communications, and to be cautious of any communication purporting to come from EasyJet or EasyJet Holidays.

EasyJet could be looking at a huge fine

With GDPR in the UK, companies can face massive fines for any security breaches, which can total up to 4% of annual turnover. The biggest ever fine was a £500,000 fine to Facebook.

When it comes to travel brands, some may recall that after British Airways’ data breach, the airline was looking at a fine of up to £183m, equal to roughly 1.5% of turnover. Meanwhile for Marriott’s data breach, the company was looking at a fine of up to £99 million.

We’ll have to wait and see what kind of a fine is decided on for EasyJet, if any.

Bottom line

EasyJet has revealed a huge data breach that involves about nine million customers, though fortunately credit card details were stolen for just over 2,200 people, which is a small percentage of customers impacted.

Those with a credit card breach should have already been contacted, while others should be contacted by May 26.

Conversations (7)
The comments on this page have not been provided, reviewed, approved or otherwise endorsed by any advertiser, and it is not an advertiser's responsibility to ensure posts and/or questions are answered.
Type your response here.

If you'd like to participate in the discussion, please adhere to our commenting guidelines. Anyone can comment, and your email address will not be published. Register to save your unique username and earn special OMAAT reputation perks!

  1. RainbowBridge New Member

    A law firm, PGMBM, has filed a group action lawsuit over this data breach.

  2. Julian Guest

    EasyJet originally quoted that if my flight was cancelled I can change it to "any flight across our network."
    After my flight my cancelled they adjusted the terms and conditions to "Within Europe"
    Is that legal? Can they adjust the terms of sale after sale is complete? And after it got cancelled?

  3. Eskimo Guest

    @Belilinda

    Or they could just hire someone?
    Willie Walsh maybe, but I seriously won't rule out Michael O'Leary for hiring hackers that's for sure. Or maybe it was Richard Branson.

  4. A Consumer Member

    @Belilinda, Your comment made me smile.

  5. Belilinda Guest

    @Eskimo interesting idea but they said it was an attack from a “highly sophisticated source.” Given the parlous state of BA’s IT, I can’t imagine they can even spell cyberattack, let alone execute one.

  6. Eskimo Guest

    Interesting, how to bankrupt an airline.

    Hack them during COVID-19!!
    The fines are more than enough to destroy liquidity. Could this be foul play by Ryanair or IAG????

  7. David Guest

    Breach happened in January, apparently.

    They kept this under wraps for a long time.

Featured Comments Most helpful comments ( as chosen by the OMAAT community ).

The comments on this page have not been provided, reviewed, approved or otherwise endorsed by any advertiser, and it is not an advertiser's responsibility to ensure posts and/or questions are answered.

RainbowBridge New Member

A law firm, PGMBM, has filed a group action lawsuit over this data breach.

0
Julian Guest

EasyJet originally quoted that if my flight was cancelled I can change it to "any flight across our network." After my flight my cancelled they adjusted the terms and conditions to "Within Europe" Is that legal? Can they adjust the terms of sale after sale is complete? And after it got cancelled?

0
Eskimo Guest

@Belilinda Or they could just hire someone? Willie Walsh maybe, but I seriously won't rule out Michael O'Leary for hiring hackers that's for sure. Or maybe it was Richard Branson.

0
Meet Ben Schlappig, OMAAT Founder
5,163,247 Miles Traveled

32,614,600 Words Written

35,045 Posts Published