British airlines EasyJet has admitted credit card details of 2,208 customers had been stolen by hackers who have also managed to access email addresses and travel details of approximately 9 million people.
“We are informing our customers that EasyJet has been the target of an attack from a highly sophisticated source. A forensic investigation found that the names, email addresses and travel details of approximately 9 million customers were accessed. In addition to the above, the investigation also found that the credit card details of 2,208 customers were accessed. Action has already been taken to contact all these customers (by 26 May) and they have been offered support,” the airlines said in a release Tuesday.
National Cyber Security Centre and Information Commissioner’s Office (ICO) have been notified of the data breach.
Travel details include name, email address, departure date, origin airport and destination. Financial details and passport information were not accessed.
So far, there is no evidence of personal information, including credit card data, being misused.
This comes less than two months after another similar hacking incident in April. The airlines had said credit card details of a small group of customers had been impacted.
“If you’re an EasyJet customer, we recommend changing your password on your EasyJet account – and if you know you’ve used that password anywhere else, change it there too. The best way to make your password long and strong is by using a sequence of three random words you'll remember,” NCSC said in a statement.
Users have also been advised to use the free Two-factor authentication (2FA) feature that provides an extra layer of protection online. It can stop cyber criminals getting into users accounts - even if they have the password.
“The NCSC would recommend anybody with accounts that could have been compromised to be especially vigilant against any unusual activity in their bank accounts or suspicious phone calls and emails asking them for further information,” the UK government’s department tasked with creating awareness on cybersecurity threats said.
The ICO cautioned affected EasyJet travellers to be vigilant to avoid phishing attacks and scam messages.
Cybercriminals use “emails” as their weapon. They send emails with links to fake web pages that steal personal data. Google in mid-April said it was blocking over 100 million phishing emails every day.