
Patterns of Compromise: The EasyJet Data Breach

It has been a withering time for the airlines, whose unused planes moulder in a gruelling waiting game of survival.  The receivers are smacking their lips; administration has become a reality for many.  Governments across the globe dispute what measures to ease in response to the coronavirus pandemic; travel has been largely suspended; and the hope is that some viable form will resume at some point soon.

For the low-cost airline EasyJet, a further problem has presented itself.  Earlier in the week, the company revealed that it had “been the target of an attack from a highly sophisticated source”, resulting in a data breach affecting nine million customers.  Of those, 2,208 customers (“a very small subset”, as the company wished to emphasise) had had their credit and debit card details “accessed”.

The UK’s Information Commissioner’s Office had been informed about the incident but the company only revealed this catastrophic lapse in data security to individuals, as it told the BBC, “once the investigation had progressed enough that we were able to identify whether any individuals had been affected, then who had been impacted and what information had been accessed.”

EasyJet were also quick to douse the fires of this grim chapter in data insecurity.  “There is no evidence that any personal information of any nature has been misused, however, on the recommendation of the ICO, we are communicating with the approximately nine million customers whose travel details were accessed to advise them of protective steps to minimise any risk of potential phishing.”

This phishing risk entails that opening any suspicious email purporting to be from EasyJet is simply a risk not worth taking.  Naturally, the company will have to inform, and have informed, customers of that very risk, resulting in a peculiar circularity: whom to believe, and what enables the recipient to detect the suspicious?  As digital privacy expert Ray Walsh opines, “Anybody who has ever purchased an EasyJet flight is advised to be extremely wary when opening emails from now on.”

For the company’s part, customers whose credit card details were compromised have received an email with a unique code, ostensibly to access services provided by a third party. A call centre to deal with concerns arising from the hack has also been established, though service on that has been typically sloppy.

Airline companies have a rather patchy record in the field of data security.  In the cybersecurity department, they seem to be rather thin, a failing that matches a global tendency.  (A 2018 report suggested a shortage of some 2.93 million cybersecurity professionals.)  The implications for both airline companies and aviation infrastructure have been of such magnitude as to prompt warnings that it is merely a matter of time before aircraft are themselves the subject of cyber-attack.

The honour board on compromised customer data is a long one.  Cathay Pacific Airways experienced an attack on the scale of that of EasyJet, with a hacker accessing the personal information of 9.4 million customers over a four-year period.  This was also a case that interested the ICO, resulting in a pre-General Data Protection Regulation fine of £500,000.  The ICO investigation revealed that the airline lacked adequate security controls to ensure the integrity of passenger data within internal IT systems.  This “resulted in the unauthorised access” to “passengers’ personal details including: names, passport and identity details, dates of birth, postal and email addresses, phone numbers and historical travel information.”

Cathay Pacific’s systems were penetrated via an internet server enabling the installation of data harvesting malware.  It did not help that the data storage regime in place was weak and complacent.  Back-up files were not password protected; internet-facing servers were unpatched; the presence of inadequate and outdated anti-virus protection software was noted.

British Airways was less fortunate in being fined £183 million in 2019 by the ICO, armed with the more punitive powers of the GDPR, for failing to take adequate steps in protecting the personal information of some 380,000 customers.  The 2018 compromise of data took place through bookings made on its website (ba.com) and the British Airways mobile app over the course of a 15-day period.  As with EasyJet, the company adopted a strategy of understating the effect of it all.  Yes, personal details had been stolen, including the names, addresses and financial information of customers, but those cheeky hackers did not make away with passport or travel details.  And, before anybody should get too excited, the cyber incident was, according to a spokesperson for British Airways, “data theft, rather than a breach”.

None of this impressed the Information Commissioner Elizabeth Denham.  “People’s personal data is just that – personal.  When an organisation fails to protect it from loss, damage or theft, it is more than an inconvenience. That’s why the law is clear – when you are entrusted with personal data you must look after it.”

Not to be left out, Air Canada also confirmed a data breach on its mobile app in August 2018, though the scale was a more modest 20,000 individuals.  One defective feature of the airline’s operating systems stood out: a mediocre password policy accepting only letters and numbers.

Such patterns of compromise are all too common in the commercial aviation industry, but EasyJet’s Chief Executive Officer Johan Lundgren claims to be wiser after the fact.  “Since we became aware of the incident, it has become clear that owing to COVID-19 there is heightened concern about personal data being used for online scams.”  Pressed by the ICO, “we are contacting those customers whose travel information was accessed and we are advising them to be extra vigilant particularly if they receive unsolicited communications.” A fine of some magnitude is expected.

Source: Dissident Voice
