EasyJet Data Breach

1 June 2020

Yet another huge firm has been hit by a sophisticated cyber-attack this year – this time the victim being easyJet. With the attack affecting more than 9 million customers, serious questions will be posed around the safety of easyJet’s online services and it once again shines a spotlight on the importance of cyber security and being properly insured in case of a breach.

Personal information of 9 million customers was accessed in the attack, with over 2,000 customers’ credit card details being stolen – those individuals have been contacted as a matter of urgency. As such, this amounts to one of the largest breaches to hit any company in the UK and could result in a large fine from the Information Commissioner’s Office (ICO), the data regulator.

Other firms in recent history to be seriously fined by the regulator include another fellow aviation firm British Airways who were find £183m in 2019 due to over 500,000 customer records being stolen online in another cyber attack and the Marriott hotels group. Marriott was fined £99.2m for an even larger data breach than easyJet – affecting 339 million customers worldwide.

Commenting on the easyJet data breach, Alastair Douglas, CEO of finance experts TotallyMoney, said: “This data breach could be a serious problem for the 9 million easyJet customers concerned — especially since the credit card details of 2,208 customers have been stolen.

“The first point of action for anyone concerned about fraud is to check your recent transactions. It doesn’t take long for these to appear on your statement or online accounts, and it could help you spot anything fishy sooner rather than later.

“For extra peace of mind, get into the habit of checking your credit report regularly. If there’s anything you don’t recognise or anything that seems suspicious, you’ll be in a much better position to act before it becomes a real issue.

“In light on the easyJet data breach, customers should be looking specifically at hard searches and newly opened accounts that they don’t recognise on their credit report. If you find anything, get in touch with the lender straightaway.

“When it comes to protecting your personal information and finances, it’s best to err on the side of caution.”

easyJet released a statement in response to the attack saying: “There is no evidence that any personal information of any nature has been misused, however, on the recommendation of the ICO, we are communicating with the approximately 9 million customers whose travel details were accessed to advise them of protective steps to minimise any risk of potential phishing. We are advising customers to continue to be alert as they would normally be, especially should they receive any unsolicited communications. We also advise customers to be cautious of any communications purporting to come from easyJet or easyJet Holidays.

“We’re sorry that this has happened, and we would like to reassure customers that we take the safety and security of their information very seriously. easyJet is in the process of contacting the relevant customers directly and affected customers will be notified no later than 26th of May. Customers can also find further advice at www.actionfraud.police.co.uk