British low cost airline EasyJet has apologized after admitting that at least 9 million customer records had been accessed by hackers, including 2,208 credit card details. For most of the passengers whose records were exposed, data stolen appears to be names, addresses and flight itineraries.
Included in the stolen data was the 3 digit CVV security code on the back of passenger credit cards.
Worse, the airline was aware of the data breach in January according to the BBC but delayed months in warning most customers of the breach. “This was a highly sophisticated attacker. It took time to understand the scope of the attack and to identify who had been impacted. We could only inform people once the investigation had progressed enough that we were able to identify whether any individuals have been affected, then who had been impacted and what information had been accessed… For further information you email us at [email protected],” said the airline in a written justification.
“Sadly, with nine million customers affected, this makes it one of the UK’s largest ever data breaches. Unfortunately, EasyJet has so far only issued a very short statement that leaves many questions unanswered,” said Sean Humber, a solicitor with the law firm Leigh Day.
EasyJet Airbus A320 Photo courtesy of EasyJet