It wasn't just a few credit cards: Entire travel itineraries were stolen by hackers, Easyjet now tells victims

Unsurpisingly budget airline goes cheap: No payout or credit monitoring


Victims of the Easyjet hack are now being told their entire travel itineraries were accessed by hackers who helped themselves to nine million people’s personal details stored by the budget airline.

As reported earlier this week, the data was stolen from the airline between October 2019 and January this year. Easyjet kept quiet about the hack until mid-May, though around 2,200 people whose credit card details were stolen during the cyber-raid were told of this in early April, months after the attack.

Today emails from the company began arriving with customers. One seen by The Register read:

Our investigation found that your name, email address, and travel details were accessed for the easyJet flights or easyJet holidays you booked between 17th October 2019 and 4th March 2020. Your passport and credit card details were not accessed, however information including where you were travelling from and to, your departure date, booking reference number, the booking date and the value of the booking were accessed.

We are very sorry this has happened.

It also warned victims to be on their guard against phishing attacks by miscreants using the stolen records, especially if any “unsolicited communications” arrived appearing to be from Easyjet or its package holidays arm.

Perhaps to avoid spam filters triggered by too many links, the message mentioned, but did not link to, a blog post from the Information Commissioner's Office titled, “Stay one step ahead of the scammers,” as well as one from the National Cyber Security Centre, published last year, headed: “Phishing attacks: dealing with suspicious emails and messages.”

There was no mention in the message to customers of compensation being paid as a result of the hack. Neither, when El Reg asked earlier this week, did Easyjet address the question of compo or credit monitoring services.

More woes, as Easyjet founder flounders

Separately, an Easyjet company general meeting held this morning to sack its CEO and key execs ended with company founder Stelios Haji-Ioannou being outvoted by his shareholders.

BA photo by Artyom Anikeev via Shutterstock

UK privacy watchdog threatens British Airways with 747-sized fine for massive personal data blurt

READ MORE

Stelios wanted to replace them with people who would cancel a £4.5bn order for new Airbus aircraft, which he says is unnecessary spending at a critical moment. No new details about the hack were mentioned in news reports of the meeting.

Stelios did not take news of his loss well, issuing a statement [PDF] accusing Easyjet and Airbus of “voting fraud,” threatening to sue the Daily Telegraph for pouring scorn on his anti-Airbus campaign, and branding Airbus itself “the scoundrels”.

The Guardian reported Easyjet finance chief John Barton as saying: “The company has no right to unilaterally terminate the contract [with Airbus].

"The one-off costs associated with termination would be very material and taken with the future value of contract, termination would be hugely detrimental and seriously impact the company’s ability to operate as a low-cost airline.”

Easyjet's fleet has an average age, according to a planespotters' website, of just over eight years – relatively young in aviation terms – though some of its longest-serving aircraft are more than 15 years old. ®


Other stories you might like

  • 5G C-band rollout at US airports slowed over radio altimeter safety fears
    Well, they did say from July, now they really mean from July 2023

    America's aviation watchdog has said the rollout of 5G C-band coverage near US airports won't fully start until next year, delaying some travelers' access to better cellular broadband at crowded terminals.

    Acting FAA Administrator Billy Nolen said in a statement this month that its discussions with wireless carriers "have identified a path that will continue to enable aviation and 5G C-band wireless to safely co-exist."

    5G C-band operates between 3.7-3.98GHz, near the 4.2-4.4GHz band used by radio altimeters that are jolly useful for landing planes in limited visibility. There is or was a fear that these cellular signals, such as from cell towers close to airports, could bleed into the frequencies used by aircraft and cause radio altimeters to display an incorrect reading. C-band technology, which promises faster mobile broadband, was supposed to roll out nationwide on Verizon, AT&T and T-Mobile US's networks, but some deployments have been paused near airports due to these concerns. 

    Continue reading
  • IBM settles age discrimination case that sought top execs' emails
    Just days after being ordered to provide messages, Big Blue opts out of public trial

    Less than a week after IBM was ordered in an age discrimination lawsuit to produce internal emails in which its former CEO and former SVP of human resources discuss reducing the number of older workers, the IT giant chose to settle the case for an undisclosed sum rather than proceed to trial next month.

    The order, issued on June 9, in Schenfeld v. IBM, describes Exhibit 10, which "contains emails that discuss the effort taken by IBM to increase the number of 'millennial' employees."

    Plaintiff Eugene Schenfeld, who worked as an IBM research scientist when current CEO Arvind Krishna ran IBM's research group, sued IBM for age discrimination in November, 2018. His claim is one of many that followed a March 2018 report by ProPublica and Mother Jones about a concerted effort to de-age IBM and a 2020 finding by the US Equal Employment Opportunity Commission (EEOC) that IBM executives had directed managers to get rid of older workers to make room for younger ones.

    Continue reading
  • FTC urged to probe Apple, Google for enabling ‘intense system of surveillance’
    Ad tracking poses a privacy and security risk in post-Roe America, lawmakers warn

    Democrat lawmakers want the FTC to investigate Apple and Google's online ad trackers, which they say amount to unfair and deceptive business practices and pose a privacy and security risk to people using the tech giants' mobile devices.

    US Senators Ron Wyden (D-OR), Elizabeth Warren (D-MA), and Cory Booker (D-NJ) and House Representative Sara Jacobs (D-CA) requested on Friday that the watchdog launch a probe into Apple and Google, hours before the US Supreme Court overturned Roe v. Wade, clearing the way for individual states to ban access to abortions. 

    In the days leading up to the court's action, some of these same lawmakers had also introduced data privacy bills, including a proposal that would make it illegal for data brokers to sell sensitive location and health information of individuals' medical treatment.

    Continue reading

Biting the hand that feeds IT © 1998–2022