Cyber Incident Victim: EasyJet

In early 2020, EasyJet experienced a cybersecurity incident involving unauthorized access to customer data. The airline disclosed the breach publicly on May 19, 2020, describing it as a "highly sophisticated cyber-attack" that compromised approximately nine million customer records. Stolen information included email addresses and travel itinerary details for the majority of affected individuals. A subset of 2,208 customers had their credit card or debit card information accessed during the breach. EasyJet notified the UK Information Commissioner's Office (ICO) about the incident in compliance with data protection regulations. The company issued direct communications to customers whose payment details were exposed, while those whose email and travel data was taken received generalized security advisories.

The breach exposed affected customers to heightened risks of financial fraud and identity theft, as emphasized by ICO warnings. Attackers could potentially use the stolen travel and contact information to craft targeted phishing campaigns or facilitate unauthorized account access. EasyJet advised all impacted individuals to remain vigilant against suspicious communications and to monitor their financial accounts for irregularities. While full technical details of the attack vector weren't disclosed, the incident underscored systemic vulnerabilities in handling large volumes of passenger data within the aviation sector. The compromise represented one of the most significant data breaches affecting a European airline at the time, with long-term reputational and operational consequences for the organization.