easyJet confirmed that it has been a victim of data breach, where the hacker gained access to nine million customers’ email addresses and travel details. Additionally, 2,208 credit-card details were also compromised. The company has yet to disclose when and how the breach occurred. It has alerted the UK’s Information Commissioner’s Office and National Cyber Security Centre (NCSC) as well as hired an expert to look into the breach.
Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics
Now more than ever in the current WFH environment, individuals and enterprises should replace passwords with user identity certificates. PKI-based identity certificates make life much easier for employees by eradicating the burden of remembering, updating, and managing passwords.
Another proactive step enterprises should take is to replace multi-factor authentication with no-touch authentication. Unlike hardware-token multi-factor authentication (MFA), or SMS-based MFA, digital certificates simplify the employee experience by easing the burden of security when a workforce is remote.
Enterprises should also be proactive in automating the issuance of all identity certificates, enabling IT security teams to issue, revoke, and replace certificates quickly, reliably, and at scale, while alleviating their management burden.
Cyber criminals are opportunistic and immoral, and have increasingly targeted large, small and medium-sized organisations with a plethora of sophisticated scams, malware, phishing and hacking attacks, hoping to capitalise on their weakened state as a result of COVID-19.
Unfortunately, the influx of new and personally-owned devices into an ever-increasing remote workforce has expanded the window of opportunity for cyber attackers – providing them with a much larger range of devices and untrained remote workers to target.
Ensuring an attack of this scale does not happen again requires a concerted effort across all levels of an organisation. This starts with implementing comprehensive and resilient endpoint security which enables IT managers to remotely identify, secure or disable any potentially vulnerable devices belonging to their organisation, whether or not they are connected to the corporate network, all from the safety of their own home.
These uncertain times have given rise to a new cadence of cyber attacks facing organisations, and hackers are increasingly targeting vital industries which may have become more vulnerable due to COVID-19. Unfortunately, new remote working conditions combined with IT and security budget constraints, has meant organisations are facing unprecedented levels of cyber attacks.
The EasyJet data breach means millions of customers’ passwords and email addresses have been leaked, and therefore it is of the utmost importance that these customers change their log-in credentials for all platforms which also utilise these passwords. Moving forward, it is also essential that multi-factor authentication steps are implemented on all personal and professional devices and accounts, and organisations must implement privileged access management security protocols so that hackers are stopped in their tracks. It’s worth remembering that it’s no longer ‘business as usual’ for organisations across the world, but for cyber criminals it’s just another day in the office.
There is enough personal information in the stolen records to make those people targets for identity theft and fraud. Hackers are likely to trade the stolen data as well as trying to trick customers into revealing further personal details using targeted phishing emails.
It’s just a numbers game for hackers, as they can easily send tens of thousands of emails in the hope of tricking a handful of customers. Customers affected should be suspicious of any emails or even phone calls that relate to the breach, no matter how plausible, and should not give away more personal information. They should also be vigilant for suspicious credit-card transactions. We have seen a sharp increase in phishing attempts and cyber-attacks over recent weeks, with many related to the Covid-19 pandemic. I would not be surprised to see further attacks launched using this stolen data.
A lot of people are missing the potential big picture impact of the EasyJet breach and the risk it could pose to other enterprise or government organizations. Of course the individuals impacted should heighten their cybersecurity awareness and take steps to further protect themselves – but the organizations these nine million people work for need to be vigilant too. One thing we noticed from past breaches at places like American Airlines and the U.S. Office of Personnel Management is that the goal was to get information that can be used by nation states or other groups for blackmail, further hacking or other malicious campaigns. If this attack was carried out by a sophisticated group that was more interested in EasyJet’s intellectual property than it was in stealing personal customer information – like the company has suggested – this is a very likely scenario. The personal information these attackers have gained provides a huge strategic advantage where they can prioritize high value target organizations and agencies with phishing tactics that leverage an extensive amount of personal data.