easyJet hacked – 9 million customer accounts accessed

Links on Head for Points may pay us an affiliate commission. A list of partners is here.

easyJet made an announcement to the Stock Exchange this morning to confirm that its computer systems have been hacked by “an attack from a highly sophisticated source.”

easyJet has reported itself to the Information Commissioners Office and can expect a very substantial fine, potentially over £100 million based on similar cases.  British Airways was fined £184 million and Marriott £99 million for their data breaches in recent years, although neither company has yet exhausted the appeals process and paid up.

Luckily, the easyJet hack appears to be relatively modest in terms of what information was stolen.

Nine million sets of ’email addresses and travel details’ have been accessed.  easyJet will be emailing impacted customers over the next few days.

Only 2,208 people have had their passport and credit card details compromised.  These passengers have already been notified.

easyjet hacked with 9 million customers affected

The biggest risk would appear to be from phishing scams.  There is the potential to email the easyJet customer base with official-looking emails which would result in the recipient either making payment for a fictional service or supplying their credit card details in response to a request.  One logical idea would be to email passengers to say that their flight had been cancelled and to request bank details for a refund payment.

easyJet CEO Johan Lundgren made a slightly confusing statement which appeared to suggest that it was only due to coronavirus that the company was bothering to report the theft to passengers:

“We take the cyber security of our systems very seriously and have robust security measures in place to protect our customers’ personal information. However, this is an evolving threat as cyber attackers get ever more sophisticated.

“Since we became aware of the incident, it has become clear that owing to COVID-19 there is heightened concern about personal data being used for online scams.  As a result, and on the recommendation of the ICO, we are contacting those customers whose travel information was accessed and we are advising them to be extra vigilant, particularly if they receive unsolicited communications.

“Every business must continue to stay agile to stay ahead of the threat. We will continue to invest in protecting our customers, our systems, and our data.

“We would like to apologise to those customers who have been affected by this incident.”

It later became clear that easyJet was aware of the hack in January and had decided not to notify those involved until pressured by the ICO.  This is likely to increase the fine it receives.

'My Favourite Hotel' review - Hotel Du Lac, Lake Como
Get a 60% bonus when you buy Marriott Bonvoy hotel points - best deal ever offered

Click here to join the 15,000 people on our email list and receive the latest Avios, miles and points news by 6am.

Amazon ad
EXCLUSIVE HFP READER OFFER FOR SME's!
Get points worth 15,000 Avios as a sign-up bonus!
OFFER ENDS 13th JULY
15,000 Avios with Capital on Tap Mastercard
About Head for Points

We help business and leisure travellers maximise their Avios, frequent flyer miles and hotel loyalty points. Visit every day for three new articles or sign up for our FREE emails via this page or the box to your right.

Comments

  1. Concerto says:

    I must say my easy.com email address was one of the worst I ever had. Towards the end, mostly inaccessible because of “hacking”, and then my address was hacked resulting in me getting lots of threatening emails displaying my password in the subject line. Luckily I used it for airline and hotel newsletters only! I have never liked this orange Easy empire and never will. They belong with anything to do with trash, which also uses the bright orange colour.

  2. I Usually get my annual email from EasyJet this month about being admitted to the flight club for another year, I hope I have requalified, best free perks you can get these days.

Please click here to read our data protection policy before submitting your comment.