• Our booking engine at tickets.railforums.co.uk (powered by TrainSplit) helps support the running of the forum with every ticket purchase! Find out more and ask any questions/give us feedback in this thread!

EasyJet: Nine million customers details accessed including credit cards in 2,200 cases

Status
Not open for further replies.

ainsworth74

Forum Staff
Staff Member
Global Moderator
Joined
16 Nov 2009
Messages
27,538
Location
Redcar
EasyJet have had a bit of bother!

EasyJet has revealed that the personal details of nine million customers have been accessed by "highly sophisticated" hackers.

The discount airline - currently mired by the grounding of flights because of the coronavirus crisis and a leadership tussle led by its founder - said it was to notify those affected in the next few days.

It stressed there was no evidence that data had been misused by criminals.

It believed that the email addresses and travel details of nine million people were exposed along with the credit card details of just over 2,200 customers.

EasyJet said other than those people, the passport and credit card details of the balance were not accessed and it had closed the online channels affected by the attack.

It was yet to confirm when the incident was identified and how long it had lasted.

The statement said: "There is no evidence that any personal information of any nature has been misused, however .. we are communicating with the approximately 9 million customers whose travel details were accessed to advise them of protective steps to minimise any risk of potential phishing."
https://news.sky.com/story/new-cobham-owner-plots-sale-of-wireless-business-axell-11990831
It added: "We're sorry that this has happened, and we would like to reassure customers that we take the safety and security of their information very seriously.

"EasyJet is in the process of contacting the relevant customers directly and affected customers will be notified no later than 26th of May."

The company said it was working with the Information Commissioner's Office (ICO) and National Cyber Security Centre.

 
Sponsor Post - registered members do not see these adverts; click here to register, or click here to log in
R

RailUK Forums

rebmcr

Established Member
Joined
15 Nov 2011
Messages
3,845
Location
St Neots
Smells like yet another Data Bucket misconfiguration on a cloud platform. It's shocking how easy it is to make a public one — and link it to the rest of your properly-secured systems — all without realising.
 

MotCO

Established Member
Joined
25 Aug 2014
Messages
4,085
What will be the fine imposed by the Data Protection Acts? Will easyJet be insured for this, or will it be another hit to their bottom line?
 

duffield

Established Member
Joined
31 Jul 2013
Messages
1,301
Location
East Midlands
If a few companies were put totally out of business for negligent handling of personal data, it might 'encourage' the others to take it more seriously...
 

packermac

Member
Joined
16 Sep 2019
Messages
543
Location
Swanage
More interested how long this has taken to come to light. Was that an instruction for the NCA or was easyJet in effect trying to hide it. Whoever made the decision to not announce it earlier should be made to explain why.
 

Bletchleyite

Veteran Member
Joined
20 Oct 2014
Messages
97,533
Location
"Marston Vale mafia"
I had some online purchase fraud appear on my debit card yesterday afternoon. It is the card I have registered on easyjet.com. Wouldn't surprise me if my details were breached via this fraud though I haven't been notified. So keep an eye out.
 

M28361M

Member
Joined
15 May 2014
Messages
531
Location
Liverpool
I had some online purchase fraud appear on my debit card yesterday afternoon. It is the card I have registered on easyjet.com. Wouldn't surprise me if my details were breached via this fraud though I haven't been notified. So keep an eye out.

Got the email last week about the security incident but neglected to reset my password. Seeing this thread has reminded me, so thanks all.

(I note that Easyjet allows a minimum password length of just 6 characters, which I wouldn't have thought is secure enough in this day and age)

Fortunately the card I used to book my most recent flights expired in February and my replacement card has a completely different number, so no chance of any card fraud there, I would have thought. Interestingly, on logging in just now, a flight I took in September 2014 is still showing up in the "Manage bookings" section of my account but other flights I took more recently are not.
 
Status
Not open for further replies.

Top