9 million EasyJet customers hit by data breach: What to do now

nine million EasyJet customers hitting past data breach: What to do now

(Prototype credit: nitpicker/Shutterstock)

Cybercriminals stole the personal details of nine million customers, including 2,200 credit-card numbers, from British budget airline EasyJet, the airline disclosed today (May 19).

"The email address[es] and travel details of approximately nine meg customers were accessed" in "an attack from a highly sophisticated source," EasyJet said in an official statement. "These affected customers will be contacted in the side by side few days," which the statement antiseptic would exist past May 26.

The best identity theft protection services: Keep your private data private
What to exercise if your credit card is stolen
Latest: Stimulus check 2020: What yous demand to know

"For a very pocket-sized subset of customers (2,208), credit carte du jour details were accessed," the statement said. "Activity has already been taken to contact all of these customers and they take been offered support."

Details about exactly what kind of credit-card information were compromised — such as three- or 4-digit security codes — were not immediately available. But no passport numbers were compromised, the EasyJet statement said.

What kind of risks are EasyJet customers facing?

The affected EasyJet customers are not probable to be at increased hazard of identity theft, just are probable to run across much more spam and perhaps an uptick in phishing attacks equally a issue of their e-mail addresses becoming public.

"We are advising customers to keep to be alert as they would unremarkably be, particularly should they receive whatsoever unsolicited communications," the EasyJet statement said. "We also suggest customers to be cautious of any communications purporting to come from easyJet or easyJet Holidays."

The Register plant a couple of tweets dating from April 2 in which people reported receiving emails notifying them of an EasyJet data breach involving credit cards. The BBC reported that EasyJet learned of the alienation in January and notified customers whose credit cards were compromised in early on Apr.

If you've got an online account with EasyJet, information technology couldn't hurt to change the business relationship password despite there existence no indication that passwords were compromised. One of the best countersign managers might assist with that.

And if you've been told past EasyJet that your credit card was compromised in this incident, cheque your recent statements and notify the carte du jour issuer immediately if you meet anything amiss.

Fines or no fines?

EasyJet may exist confront huge fines if information technology is found to have inadequately protected customer personal data, every bit divers by European General Data Protection Regulation (GDPR). British Airways had to pay a $225 million fine to the U.K. Information Commissioner's Office for a 2018 data breach that affected 500,000 customers.

However, EasyJet may be allow off the claw: Wired UK noticed that the ICO was telling complainants that it would not enforce data-protection regulations during the coronavirus crisis. The airline, which reportedly carried 28 million passengers in 2019, has been effectively grounded since the end of March.

Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry melt, long-haul driver, code monkey and video editor. He'south been rooting around in the data-security space for more than fifteen years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown upwards in random Idiot box news spots and even chastened a panel discussion at the CEDIA habitation-technology conference. Y'all can follow his rants on Twitter at @snd_wagenseil.