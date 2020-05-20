from the another-day-another-breach dept.
EasyJet Says Cyberattack Exposed Data of 9 Million Customers
EasyJet says cyberattack exposed data of 9 million customers:
UK budget airline EasyJet reported on Tuesday that hackers accessed the email addresses and travel details of more than 9 million customers in a "highly sophisticated" cyberattack. The hackers also accessed the credit card details of 2,208 customers.
The airline in the coming days will contact customers whose details were exposed in the breach. It has already contacted, and offered support to, those whose credit card information was accessed.
[...] As soon as the airline became aware of the attack, it took steps to respond to and manage the incident and engaged forensic experts to investigate the issue, EasyJet said. It also notified the National Cyber Security Centre and the ICO, the UK's data protection watchdog.
"We have a live investigation into the cyber attack involving easyJet," said a spokeswoman for the ICO in a statement. "People have the right to expect that organisations will handle their personal information securely and responsibly. When that doesn't happen, we will investigate and take robust action where necessary."
The ICO will be able to examine whether EasyJet should be fined under Europe's General Data Protection Regulation (GDPR), which is part of UK law.
EasyJet Admits Data of Nine Million Hacked
EasyJet admits data of nine million hacked:
EasyJet has admitted that a "highly sophisticated cyber-attack" has affected approximately nine million customers.
It said email addresses and travel details had been stolen and that 2,208 customers had also had their credit card details "accessed".
The firm has informed the UK's Information Commissioner's Office while it investigates the breach.
EasyJet first became aware of the attack in January.
It told the BBC that it was only able to notify customers whose credit card details were stolen in early April.
"This was a highly sophisticated attacker. It took time to understand the scope of the attack and to identify who had been impacted," the airline told the BBC.
"We could only inform people once the investigation had progressed enough that we were able to identify whether any individuals have been affected, then who had been impacted and what information had been accessed."
Stolen credit card data included the three digital security code - known as the CVV number - on the back of the card itself.
EasyJet added that it had gone public now in order to warn the nine million customers whose email addresses had been stolen to be wary of phishing attacks.
It said that it would notify everyone affected by 26 May.
(Score: 0) by Anonymous Coward on Wednesday May 20, @10:20PM (1 child)
Easiest way to avoid massive customer data breach?
Just stop storing it.
Yes! Just delete all that customer data after they've paid you! Maybe after six months.
Maybe stop storing it at all. Just take their money, store a name for the flight and leave it at that!
Imagine the data storage savings! Imagine the streamlining of the IT system!
Imagine not needing to hold bullshit meetings about storing, leveraging, damage-controlling leaks of all that useless customer data and instead focusing on your core business.
Imagine a world without MBAs.
(Score: 0) by Anonymous Coward on Wednesday May 20, @11:19PM
Your solution would violate Patriot Act, which requires airlines to store data on potential jihadis. If CIA has access to jihadi credit card data, they can look for suspicious purchases like airplane ticket + book on how to make explosives + subscription to Jihadi Monthly.