Published: June 23, 2020 on our newsletter Security Fraud News & Alerts Newsletter.
Recently, 9 million customers of Britain’s easyJet airline had their travel accounts hacked. It’s believed a sophisticated Chinese hacking group known for recent attacks on airlines and bulk data theft is behind the breach. While proving who’s responsible for the attack may never happen, easyJet customers filed a class-action lawsuit against the airline. Aside from having a treasure trove of data stolen from their customers, PGMBM, the law firm representing the breach victims, says the easyJet incident happened in January of 2020. The law firm claims victims of the hack were not told until four months later.
EasyJet claims there is no evidence (yet) that customer data was abused. The hijacked info includes personal info like full name, payment card details, travel itineraries, and email addresses. In this chaotic coronavirus time, hackers are stepping up cyberattacks like never before. The data stolen from easyJet customers provides enough information for a hacker to launch identity theft, targeted spearphishing email attacks, and many other fraudulent crimes.
Having a simple data breach response plan “just in case” can help prevent a lot of financial nightmares. It also adds layers of protection that can limit the full extent of the damage. One simple step is regularly checking payment card purchases and credit bureaus for any unusual activity. Immediately report red flags to payment card companies, credit bureaus, and depending on the nature and extent of the crime, inform the local law enforcement. Staying alert and acting quickly helps limit the extent of the harm and prevent further data abuse from happening.
Also, even if not alerted that your data was not captured as part of a data breach, change the password for any accounts associated with that company. This is a precaution that takes a few moments, but can potentially save a lot of headache time later. The European Union (EU) created strict laws about consumer data safety and the responsibility of enterprise to notify victims of a breach within a certain time frame. Called the GDPR (General Data Protection Regulation), the laws were created to protect consumers from businesses with lax data protection and security. One of the GDPR’s many tools is the ability to apply hefty fines on offending companies like easyJet. The four months it took for the company to notify victims was a serious breach of GDPR regulations.
Keep up to date: Sign up for our Fraud alerts and Updates newsletter
Want to schedule a conversation? Please email us at email@example.com