British low cost airline EasyJet is facing an £18 billion class-action lawsuit filed on by customers impacted by a recently-disclosed data breach. which exposed 9 million email addresses and travel details and 2,208 credit card data of customers, David Gubiani, Check Point Regional Director SE EMEA Southern, said that the detailed airline information stolen will likely be exchanged by hackers and used as bait for targeted phishing attacks against customers, especially via email claiming to be from EasyJet or from affiliated company.
The “highly sophisticated” attacker to blame for the security incident managed to access this financial information, as well as email addresses and travel details. EasyJet is still contacting impacted travelers. The National Cyber Security Centre (NCSC) and the UK’s Information Commissioner’s Office (ICO) have been notified, of which the latter has the power to impose heavy fines under GDPR if an investigation finds the carrier has been lax in data protection and security.
“There are requests for personal information in the stolen records for a long time so that these people will be targeted for identity theft and targeted fraud. Hackers target large numbers by easily being able to send tens of thousands of emails in hopes of fooling even a handful of customers. Interested customers pay attention. In the past weeks, we have witnessed a sharp increase in phishing attempts and cyber-cyber attacks, many of which are related to the Covid-19 pandemic. I wouldn’t be surprised to see other attacks launched using this stolen data” concludes Gubiani.