In January, EasyJet suffered a major data breach. The details of approximately 9 million customers - including email addresses, travel plans as well as a small number of credit/debit card details - were stolen.
EasyJet have confirmed that they have now contacted all affected customers.
How do I know if I have been affected by the data breach?
If you have been affected, EasyJet will have notified you by email. The email will be from bookings@info.easyjet.com with the subject line Cyber Security Incident.
How might this affect you?
If you are one of the affected customers, you could be targeted with increased levels of phishing mail. The presence of travel itineraries will make it easier for scammers to craft highly convincing messages. For example, they may try to spoof EasyJet, stating there is a problem with booked travel to entice you to click a link. Or they may send you information about fake offers, or updates regarding services from other providers at your destination, such as local Hotels, car rentals or Airbnb.
What can you do to protect yourself?
This attack highlights the need for us to be on our guard more than ever, particularly when it comes to protecting both our personal and University data.
If you have been impacted by this breach, we recommend reading our recent article on Limiting the Impact of Data Breaches. This article contains tips on phishing awareness and password/account management.
In addition:
- Always report attempted phishing to spam@abdn.ac.uk.
- If you suspect a breach has occurred contact the Data Protection Team at dpa@abdn.ac.uk.
- If you are still unsure, or if you would like advice, contact the Service Desk – servicedesk@abdn.ac.uk or https://myit.abdn.ac.uk.
Liability
Some sources report that EasyJet will be liable for compensation for customers to the tune of 18 Billion pounds, on top of fines from the Information Commissioner’s office. Although this is not yet confirmed, we can be certain financial and reputational impact for EasyJet will be incredibly high.
You can read more on the data breach here: www.theregister.co.uk/2020/05/22/easyjet_hack_victim_notification/
Author: IT Security Team, DDIS