Hackers have penetrated more than nine million EasyJet customer records. These include email, payment details, travel arrangements and some credit card numbers.
EasyJet claimes it is a ‘highly sophisticated hack‘ (aren’t they all). Analysts say the economy airline used economy software that was an open invitation to hackers.
The hack happened back in January, but EasyJet only owned up to it last week. “It took time to understand the scope of the attack and to identify who had been impacted,” the airline told the BBC.
Flyers received a trite email
Our investigation found that your name, email address, and travel details were accessed for the EasyJet flights or easyJet holidays you booked between XXth October 2019 and XXth March 2020. Your passport and credit card details were not accessed, however, information including where you were travelling from, and to, your departure date, booking reference number, the booking date and the value of the booking were accessed. We are very sorry this has happened.
GadgetGuy’s take – Hacks like EasyJet are happening all too often.
Already there are the beginnings of an £18bn compensation claim. It is about £2000 per person. See here if you are affected and want to join it. The amount covers all the time and inconvenience of having to reset passwords, let alone worry that there may be enough information to pull off widespread identity theft.
It is also a gross invasion of privacy. The sensitive personal data leaked includes full names, email addresses and most disturbingly of all, travel data including departure dates, arrival dates and booking dates. In particular, the exposure of details of individuals’ personal travel patterns may pose security risks to individuals and is a gross invasion of privacy.
Under Article 82 of the EU General Data Protection Regulation (EU-GDPR), customers have a right to compensation for inconvenience, distress, annoyance and loss of control of their data. Ouch!
We can only say that what goes online stays online forever!
To quote Check Point
There is enough personal information in the stolen records to make those people targets for identity theft and fraud. Hackers are likely to trade the stolen data as well as trying to trick customers into revealing further personal details using targeted phishing emails.