EasyJet customers who know or think their data is compromised should change passwords, check credit card statements, and look for fake refund emails, experts say.
The email addresses and travel information of 9 million easyJet customers were compromised between mid-October 2019 and March 4, the budget company revealed Tuesday.
Meanwhile, credit card details of 2,208 of them had been leaked in the serious data breach.
EasyJet notified the Information Commissioners Office and the National Cyber Security Center in late January of the hack, saying it would contact all affected customers by May 26.
Budget airline easyJet reported on Tuesday that the email addresses and travel details of 9 million customers, plus over 2,000 credit card information, were compromised in a data breach
It became the second major airline to fall victim to a major data breach after British Airways was fined £ 183 million by the ICO last year after compromising data from 500,000 customers, including personal and payment information, in a 2018- data breach.
But while easyJet may be concerned about its own financial future if the ICO pays its multi-million pound BA fine, its customers are likely to be concerned.
Here are four ways the data breach could affect you as an easyJet customer, and what to look out for.
1. Check your credit card statement
EasyJet said it had already contacted the 2,208 customers whose credit card information, including three-digit security numbers and expiration dates, was compromised by the breach, saying there was no evidence that data had been misused.
However, it probably can’t be sure, and there isn’t necessarily a way to find out for yourself.
A bank can give you a new card if your data has been compromised, but not an airline, and there is no way to prove a link to a particular data breach.
Trading body UK Finance said earlier this year that “ the theft of personal and financial data leaks has been a major contributor to fraud losses ” last year, using stolen card data to commit £ 470.2 million in fraud in 2019.
Do you see an unusual transaction on your bank statement? 46% of people said they were not sure they would
EasyJet has only said that security numbers and expiration dates have been compromised, unlike BA’s breach that also involved card numbers, but customers still need to be vigilant.
Alastair Douglas, chief executive of credit comparison site Totally Money, said, “The first point of action for anyone concerned about fraud is to check your recent transactions.
“It won’t be long before they appear on your statement or online accounts, and it may help you discover something weird sooner or later.”
A survey conducted in February this year by MoneySupermarket found that 46 percent of people were unsure if they could spot minor fraud on their bank statements, but something like that could be the tip of an iceberg if it means your data is at risk.
If you see something suspicious, mark it at your bank.
2. Change your passwords
Justin Basini, the founder and director of credit report provider Clear Score, said, “The recent attack on easyJet emphasizes that the best protection you can have against future data breaches is to ensure that you have individual passwords for each of your online accounts.
“If you are an easyJet customer, I would advise you to change your password immediately and if you think you used that password elsewhere online, to change that too.”
If you are an easyJet customer, I recommend that you change your password immediately and if you think you used that password elsewhere online, change that too
Justin Basini, CEO of Clear Score
Clear Score has also recently launched a free dark web monitoring service called Clear Score Protect, which allows users to find out every three months whether their passwords may have been leaked.
About 400,000 users have already signed up and found that they each have an average of seven leaked passwords.
With websites such as ‘HaveIBeenPwned’, people can also determine whether email addresses or passwords have been compromised during a data breach.
Mr. Basini also recommended using a password manager to generate or store various passwords to help you remember that; or installing two-factor authentication that requires more than just a password to log in somewhere.
3. Beware of fake emails
The coronavirus outbreak and shutdown have been a boon to fraudsters, especially when it comes to phishing emails and text messages.
Everything from the government coronavirus warning number to Netflix and the tax authorities has been faked.
Fraud reporting service Action Fraud said there were 7,796 reports of coronavirus-related phishing since the virus hit the UK, and 160,000 suspicious emails were forwarded to the NCSC reporting service, leading to 1,400 links to fake websites intended to people capture details are removed.
Police have warned people against clicking links in text messages pretending to be from the tax office and opening links in untrustworthy emails
Fraudsters can use stolen email addresses to target people with phishing messages, such as offers from the council’s fake tax refunds, or target easyJet customers who are currently trying to get a refund for canceled flights.
Messages claiming to be from the government can be forwarded to the suspicious email reporting service at [email protected]
We will never contact you without asking to request your account information or security information, and we will never ask you to reveal your passwords or change your passwords on your easyJet account
Customers should be wary of anything claiming to be easyJet and carefully check the address, especially if it requires more personal or financial details.
In an email to a data breach victim, easyJet wrote, “Be extra careful if you receive unsolicited communications, especially if they claim to be from easyJet or easyJet vacations.
Please note that we will never contact you without asking to ask for your account information or security information, nor will we ever ask you to reveal your passwords or change your passwords on your easyJet account.
Mr. Basini said, “If in doubt, it is always best to contact easyJet directly through the email address and number on their website, do not click on an email or text message that you are suspicious of.”
Action Fraud said it had received 41 reports of a scam email allegedly from the government requesting donations to the NHS. The NHS will never ask for your bank details
Check your credit report
Finally, email addresses in combination with personal information can be used for identity theft. According to UK Finance figures, £ 17.4 million was stolen after criminals opened accounts in someone else’s name last year, although this was 41 percent down on 2018.
Meanwhile, account takeover fraud, where criminals use credit or debit card information to steal someone’s money by impersonating, is up 13 percent in 2019 and lost £ 20.3 million.
Checking your credit report or ‘financial resume’, especially the credit applications you’ve submitted, is a good idea if you think your financial information is at risk.
However, as This is Money previously reported, identity theft is in fact not a recordable crime unless it is used to obtain credit, in which case the bank or credit card company is identified as a victim and some banks do not even report it to the police.
EasyJet customers should look specifically for hard searches and newly opened accounts that they don’t recognize in their credit report
Alastair Douglas, CEO Totally Money
One of the best ways to keep an eye on this and to check your bank account or credit card is to check your credit report to see if it has any suspicious activity.
Alastair Douglas of Totally Money said, “Get into the habit of checking your credit report regularly.
“If there is something you don’t recognize or something that seems suspicious, you are in a much better position to trade before it becomes a real problem.
In light of the easyJet data breach, customers should look specifically for hard searches and newly opened accounts that they don’t recognize in their credit report. If you find anything, contact the lender immediately.
“When it comes to protecting your personal information and finances, it’s best to be careful.”
Some of the links in this article may be affiliate links. If you click on it, we may earn a small commission. That helps us to fund This Is Money and keep it free. We do not write articles to promote products. We do not allow a commercial relationship to affect our editorial independence.