British airline could face hefty fine from regulator
The British airline EasyJet (EZJ) has admitted that the personal information of nine million customers was accessed in what it dubbed a “highly sophisticated” cyber-attack.
Although no passport details were stolen and only 2,208 of the nine million people affected had their credit card details stolen, the revelation is an unwelcome blow to a company already struggling to cope with the consequences of the Covid-19 crisis.
By late-afternoon trading the carrier’s share price had fallen by 1.60 per cent to 542.80 pence. In the year to date EasyJet stock has suffered a plunge of almost 62 per cent.
The company did not go into detail as to how the security breach took place but maintained that it had “closed off this unauthorised access” and reported the incident to the Information Commissioner’s Office (ICO) and the National Cyber Security Centre.
Although the stock market reaction to the news was muted, EasyJet could be looking down the barrel of a significant fine. The ICO, Britain’s data regulator, has been given greater scope and power to issue companies fitness following the passage of the EU’s GDPR regulation.
Last year its competitor British Airways (IAG) was fined £183m ($224m, €205m) after hackers stole the personal data of 500,000 customers. With nine million people affected, EasyJet’s breach is one of the largest security failings to affect any company operating in Britain.
The airline’s CEO Johan Lundgren, said: “We would like to apologise to those customers who have been affected by this incident. Since we became aware of the incident, it has become clear that owing to Covid-19 there is heightened concern about personal data being used for online scams.”
And added: “As a result, and on the recommendation of the ICO, we are contacting those customers whose travel information was accessed and we are advising them to be extra vigilant, particularly if they receive unsolicited communications.”
For more news go to currency.com