Reports claim that a group of hackers manage to steal more than nine million private customer information from easyJet.
The British airline company confirms the hack on Tuesday. Moreover, two sources with knowledge of the investigation also confirmed the cyber-attack Investigators claim that the attack took place in January.
The hack is a blow to the airline company which is already experiencing a downturn because of the coronavirus pandemic. The company has already lost more than 64% of its value in just three months.
Possible attack from Chinese hackers
Early investigation result points to a possible attack from a Chinese hacking group. Investigators claim that they still cannot confirm this. However, the tools and techniques the hackers use are similar to that of a Chinese outfit that also targets airlines.
Easyjet admits hack of 9m customers' data. While we await details, everyone should
– Change your easyjet password
– Change the password on any site where you used the same password as you did with easyjet.
We need to wait to hear if payment details included.
— Martin Lewis (@MartinSLewis) May 19, 2020
The hack exposes email addresses and travel information of more than nine million easyJet customers. The easyJet management adds that of these affected customers, at least 2,200 of the have their credit card details stolen. The company claims that the attack is “highly sophisticated.”
The company claims that they find no evidence suggesting that the stolen information was misused. Moreover, the company will contact all customers affected by the hack next week.
In a statement, easyjet CEO Johan Lundgren says:
“We are contacting those customer whose travel information was accessed and we are advising them to be extra vigilant, particularly if they receive unsolicited communications.”
Repercussions to customers
Although easyJet states that the stolen customer information was not used by the hackers, there are still many implications. Cybersecurity experts said that the email addresses can be a potential target for phishing attacks. Criminals can use a fake easyJet email and attack these vulnerable customers.
Experts also note that this particular Chinese hacking group targets the travel records of specific people. This is a novel hacking technique since most of the time hackers are only after credit card information. People close to the investigation claim that hackers are tracking the movement of these specific individuals.
As for easyJet, the company is facing possible fines. In 2018, the Information Commissioner’s Office in Britain slaps a $225 million fine against the company. It is a penalty following the hack of thousands of customer credit card information.
There are some in the tech community that claims these hackers are connected to the Chinese government. On the other hand, the Chinese government denies any connection with these rogue entities.
Image courtesy of solarseven/Shutterstock