A few weeks ago it was reported that data from around nine million users of British airline Easyjet were compromised due to a “highly sophisticated attack”. According to experts from a GDPR course, hackers accessed email addresses and travel details belonging to millions of customers, as well as stealing card data from at least 2,200 passengers.
The company tried to secure the compromised information as soon as possible although the threat actors were able to access the compromised data; now they’re using it to attack the airline’s customers. According to daily The Sun, reports of Easyjet leak fraud began to proliferate for a couple of weeks; in total, 51 reports have been submitted resulting in losses totaling £11,752.
A representative of the British authorities mentioned: “For now we advise users who believe they have been victims of malicious activity as a result of this incident to notify the relevant bodies; this process can be done online.”
On the other hand, the company stated, “We have no evidence that there have been financial losses caused by this incident, but last week we asked the authorities for a report on any relevant news.” So far, Easyjet has not made updates on the damage, GDPR course experts mentioned.
When the incident was reported, Easyjet stated that affected users would be notified directly, adding that it would not be notified to users whose information was not involved in the data breach.
A statement on the company’s website only mentioned: “We can state that the attackers did not access the passport details of the users. Neither passwords nor reservation details were affected.” According to GDPR experts, Easyjet’s IT team managed to evict hackers from their networks and implement some measures to prevent similar incidents from happening again in the future.
British authorities launched a series of measures that users can take while the incident is being investigated. Passengers concerned about their information can also contact Easyjet directly, mentions the International Institute of Cyber Security (IICS).
This is not the first time a British company-like incident has occurred. A couple of years ago, british Airways’ massive hacking was revealed, committing a total of 380,000 payment card registrations, which were extracted from its website. In 2015, millions of TalkTalk user details were also exposed, affecting millions of the company’s customers.