The personal details of nine million customers of airline EasyJet have been accessed by hackers. The stolen information consists of email addresses and travel itineraries but some 2,208 customers also had their payment card details taken.

The budget airline contacted the customers who had payment card details stolen in April and said it has informed the UK Information Commissioner’s Office (ICO) and will have informed all remaining affected customers by May 26th.

The timing between the discovery of the hack and letting customers know is critically important. GDPR states that notifications of data loss must be made within 72 hours of becoming aware of the hack or the reasons for delay made clear.

This is partly designed to protect customers who have had data stolen allowing them to take protective steps such as changing passwords.

However, it has recently emerged that the airline discovered its IT systems had been breached in January, and yet did not begin to inform some affected customers until April, and only made news of the hack public now in May.

The airline said the delay in notifying customers was because the attack was “highly sophisticated” and it has taken time to identify the affected customers. More details will no doubt emerge in time.  
 
  • Those who have been affected by the hack need to stay alert for unsolicited email communications.
  • This includes emails that may claim to be from EasyJet requesting personal information such as passwords and banking details.
  • No organisation will request personal information like bank account number, payment card information and/or passwords.
  • If in doubt, contact the company by phone to verify whether an email is legitimate.

Staying safe

We strongly recommend using BullGuard Premium Protection which includes safeguards against the damage caused by identity theft.
 
  • An advanced algorithm scans the internet 24/7, including thousands of sites on the dark web where stolen information is traded, and notifies you immediately if any of your personal data is detected.

It is an important tool that allows you to stay ahead of cybercriminals.
 
  • For instance, within the context of the EasyJet hack, you would have known if your information was put up for sale either on the internet or dark web, well before EasyJet made its public announcement and most likely well before the airline knew it had been hacked.
It's often the case that major data thefts are only discovered when hacked data appears for sale on dark web forums. Many times the companies involved have no idea that their systems have been breached.

This is why tools such as BullGuard Premium Protection are so important. You can find out more here.