Easyjet - Hackers also siphoned off sensitive customer data
Not only Stadler Rail and the supercomputer of ETH Zurich were recently the victims of a hacker attack, but now the low-cost airline Easyjet has also been hit. Cyber criminals have successfully struck and scammed data from travelers, including credit card details.
On May 19, the British airline Easyjet announced that it had been the victim of a hacker attack. According to information, cybercriminals were able to steal data (names, email addresses, travel details) of nine million customers - including sensitive information such as passport and credit card details of over 2200 passengers. According to the airline's investigation, this affects data of customers who had booked their flights and travel in the last couple of months (approximately since October 2019 and early March 2020). The airline has started to inform its customers about the data leak. In an email obtained by SecurityForum from an Easyjet customer, it says: "Your passport and credit card details were not accessed, however the following information is affected by the incident: Your departure city, destination, departure date, booking reference number, booking date and value of the booking." And further, the budget airline writes in its customer email: It says there is no indication that personal data of any kind has been misused. However, it urges caution when receiving unexpected messages, especially if they purport to be from EasyJet or EasyJet holidays. The airline points out that it would never contact customers unsolicited to request account details or security information. It also said it would never ask customers to disclose passwords or share EasyJet account passwords. (See further Easyjet information here)
Affected persons should be particularly attentive
"This incident affects a large number of people, and while it's good that no customer passwords were affected, the stolen data - including email addresses, credit card information and customer data - provides a lot of information that the cybercriminals can use for themselves," said David Emm, Principal Security Researcher at Kaspersky. Anyone affected by the security incident needs to be especially vigilant about unsolicited messages, he said. It is likely that cybercriminals will take advantage of the situation and send phishing messages with offers - with offers that are too good to be true, he said. In addition, affected customers should regularly check their bank accounts for suspicious activity, advises the security specialist.
Safety tips
Kaspersky recommends that users protect their devices with a robust security solution and, as part of IT security, regularly update the operating system and apps as soon as new versions become available. Also strong passwords are among them: Users should only use unique and complex passwords for all their online accounts and use two-factor authentication if a provider supports it.
According to the security specialist, consumers should also keep the following points in mind to avoid falling victim to phishing emails:
- Before clicking on an Internet page, always check whether its web address, the link address or the sender's e-mail are reputable. In particular, it should be ensured that the name of a link within a message does not contain another hyperlink.
- Do not click on links or attachments in emails if they have suspicious, sometimes unusual addresses. Users should also make sure that they are legitimate and start with "https" when asking for personal or financial information.
- Do not share sensitive data such as login information, passwords, bank details or similar with third parties; reputable companies do not request such data.
Source: rs/Kaspersky
