British low-cost airline group easyJet revealed that an hacking incident had exposed approximately nine million customers' information.
On May 19, easyJet issued a "Notice of cyber security incident" in which it revealed that it had fallen victim to a digital attack from a "highly sophisticated source." An investigation revealed that those responsible for the security event had succeeded in accessing the email addresses and travel details of approximately nine million customers, the notice explained. According to the statement, forensic evidence also demonstrated that malicious actors had accessed the credit card details of an additional 2,208 customers. After learning of this issue, the company engaged forensic experts to investigate what had happened and to close off the unauthorized access. It also disclosed the security event to both the National Cyber Security Centre and the United Kingdom's Information Commissioner's Office (ICO). Johan Lundgren, CEO of easyJet, apologized for the incident and explained that this attack reflects the growing digital threat facing organizations everywhere. As quoted in the notice:
Since we became aware of the incident, it has become clear that owing to COVID-19 there is heightened concern about personal data being used for online scams. As a result, and on the recommendation of the ICO, we are contacting those customers whose travel information was accessed and we are advising them to be extra vigilant, particularly if they receive unsolicited communications.
The notice indicated that easyJet will specifically alert its customers to the threat of potential phishing attempts that might appear to originate from easyJet or easyJet Holidays. Those affected by the hacking incident described above can take steps to strengthen their defenses against a phishing attack. One of the ways they can do this is by familiarizing themselves with some of the most common types of phishing attacks in circulation today. This resource is a good place to start.