By now I’m sure that you have heard about the easyJet data breach. More than 9 million customers suffered breached personally identifiable information (PII), and some 2,000 customers had their card details “viewed”. Hugo van den Toorn, manager of offensive security at Outpost 24 warned that “often after such a breach, information will be sold on to underground marketplaces, this kind of data is then often used in various attacks: Credit card details for making illicit payments and personal details for targeted phishing attacks”. The significant damages following this breach will most likely result in hefty regulatory fines and substantial loss of trust between easyJet and its customers. In fact, Under GDPR legislation, the Information Commissioner’s Office (ICO) can impose a fine of 4 per cent of easyJet’s turnover in 2019, which could amount to £255m.
Johan Lundgren, CEO of easyJet issued a public apology yesterday, highlighting the increased risk that customers face in a landscape dominated by COVID-19 themed phishing scams. “Since we became aware of the incident, it has become clear that owing to Covid-19 there is heightened concern about personal data being used for online scams. As a result, and on the recommendation of the ICO, we are contacting those customers whose travel information was accessed and we are advising them to be extra vigilant, particularly if they receive unsolicited communications.”
Niamh Muldoon, senior director of trust and security at OneLogin noted that “easyJet have followed correct procedures by notifying the customers who were affected and publicly warning the nine million people whose email addresses had been stolen”. However, Muldoon raised further issues with current security standards, stating: “attackers know that many organisations are not ..
Support the originator by clicking the read the rest link below.
