According to the BBC, EasyJet first became aware of the attack in January, but only last month notified the 2,208 customers whose credit card details had been stolen. The firm said it was now going public with the attack in order to warn 9 million customers whose travel details were accessed that they should be on the lookout for phishing attacks.
The company has notified the National Cyber Security Centre and the ICO, the UK’s data protection watchdog. The ICO will now determine whether EasyJet will be fined under Europe’s General Data Protection Regulation (GDPR).
What information was exposed?
- Credit card numbers
- Email addresses
- Travel details
What is a phishing attack?
Due to the massive number of email addresses exposed, anyone who has purchased an EasyJet flight should now be wary of communications they receive from the company. Phishing is a common scheme in which someone poses as a trusted party (in this case EasyJet) in an attempt to steal personal information such as credit card numbers and other personal data. Online scams, including instances of phishing, have risen exponentially during the COVID crisis. In April, Google reported 18 million daily malware and phishing emails related to COVID-19.
Generally speaking, phishing emails might include:
- Claims a company has noticed suspicious activity on your account
- A refund or coupon offer
- A request for you to confirm personal info
- A fake invoice
Things to watch out for:
- High sense of urgency
- No personalization
- Poor spelling/grammar
If you suspect a phishing attempt based on these signs, don’t reply to the email, hand out personal information, click on any links, or download attachments. You can contact the company’s support team to verify if the email is legitimate.