“We take the cyber security of our systems very seriously and have robust security measures in place to protect our customers’ personal information. However, this is an evolving threat as cyber attackers get ever more sophisticated.
Since we became aware of the incident, it has become clear that owing to COVID-19 there is heightened concern about personal data being used for online scams. As a result, and on the recommendation of the ICO, we are contacting those customers whose travel information was accessed and we are advising them to be extra vigilant, particularly if they receive unsolicited communications.Every business must continue to stay agile to stay ahead of the threat. We will continue to invest in protecting our customers, our systems, and our data.
We would like to apologise to those customers who have been affected by this incident.”
easyJet breach affects 9 million customers
None of the news articles or easyJet’s disclosure have specified the vector of attack which leaked the 9 million records. All the public knows is that easyJet didn’t notify the public until months later, and has acknowledged that the stolen information will probably be used in COVID-19 related scams . While the GDPR does require notification of such breaches, in the UK the notification only needs to be given to the regulatory authority and it’s unclear why there were four months between the easyJet breach and easyJet’s disclosure of the breach.For affected customers going to the easyJet website to change their password, they are greeted with this frankly out of date password policy:
easyJet is likely to receive a fine from the Information Commissioner’s Office (ICO). In 2018, British Airways was fined about 225 million USD as a result of a breach where hackers absconded with credit card information from hundreds of thousands of customers.“Your password must be a single word between 6 and 20 characters in length and must not include the special characters # & + or space.”
About Caleb Chen
Caleb Chen is a digital currency and privacy advocate who believes we must #KeepOurNetFree, preferably through decentralization. Caleb holds a Master's in Digital Currency from the University of Nicosia as well as a Bachelor's from the University of Virginia. He feels that the world is moving towards a better tomorrow, bit by bit by Bitcoin.