NCSC statement: EasyJet cyber incident

Wednesday 20 May 2020 @ 14:15
National Cyber Security Centre

An NCSC statement and advice following a cyber attack on EasyJet.

An image illustrating a warning sign on a laptop screen.

EasyJet yesterday confirmed that it had suffered a cyber attack and is in the process of contacting affected customers following the incident.

An NCSC spokesperson yesterday said:

"We are aware of this incident and have been working with EasyJet from the outset to understand how it has affected people in the UK.

“The NCSC would recommend anybody with accounts that could have been compromised to be especially vigilant against any unusual activity in their bank accounts or suspicious phone calls and emails asking them for further information.

“We would recommend considering changing passwords for accounts that could have been affected. More information can be found on the NCSC website.”

Information and advice for customers of EasyJet

EasyJet have issued a statement regarding this incident
Anyone who thinks they have been a victim of online crime can report a cyber incident using Action Fraud’s online fraud reporting tool anytime of the day or night, or call 0300 123 2040. For further information visit www.actionfraud.police.uk.
If you’re an EasyJet customer, we recommend changing your password on your EasyJet account – and if you know you’ve used that password anywhere else, change it there too. The best way to make your password long and strong is by using a sequence of three random words you'll remember. Of course, remembering lots of passwords can be difficult, but if you save them in your browser then you don’t have to. There is more information on the NCSC website.
Now would also be a good time to check if your account has appeared in any other public data breaches. Visit https://haveibeenpwned.com, enter your email address and go from there.
Two-factor authentication (2FA) is a free security feature that gives you an extra layer of protection online and can stop cyber criminals getting into your accounts - even if they have your password. If it is available then we suggest using it on all your important accounts.
If your account has been compromised, your personal details may be used to help craft more convincing scam emails. If you believe you have received a suspicious email then you can report it to the NCSC using the Suspicious Email Reporting Service (SERS) but the NCSC has produced advice which will help you spot the most obvious signs of scam emails.
EasyJet confirmed that 2,208 credit card details were accessed in this incident. If you were one of them, you should be notified of this by EasyJet. We advise that you monitor your accounts for any unusual activity and if you’re worried, get in touch with your bank’s fraud department. There is more information on the NCSC website

Channel website: https://www.ncsc.gov.uk/

Original article link: https://www.ncsc.gov.uk/news/easyjet-incident

Share this article

Latest News from
National Cyber Security Centre

NCSC enters new partnership for PDNS delivery

17/04/2024 13:05:00

The National Cyber Security Centre announces new partnership to deliver the Protective Domain Name System (PDNS) service.

UK holds China state-affiliated organisations and individuals responsible for malicious cyber activity

26/03/2024 10:31:00

UK calls out pattern of malicious cyber activity by Chinese state-affiliated organisations and individuals targeting democratic institutions and parliamentarians.

NCSC and partners issue warning about state-sponsored cyber attackers hiding on critical infrastructure networks

08/02/2024 11:05:00

GCHQ’s National Cyber Security Centre and partners share details of how threat actors are using built-in tools to camouflage themselves on victims’ systems.

Business leaders urged to toughen up cyber attack protections

24/01/2024 13:12:00

New guidelines to help directors and business leaders boost their resilience against cyber threats.

Exploitation of vulnerabilities affecting Ivanti Connect Secure and Ivanti Policy Secure

15/01/2024 10:15:00

Organisations are encouraged to take immediate action to mitigate vulnerabilities affecting Ivanti Connect Secure (ICS) and Ivanti Policy Secure (IPS) gateways (CVE-2023-46805 and CVE-2024-21887), and follow the latest vendor advice.

UK exposes attempted Russian cyber interference in politics and democratic processes

08/12/2023 10:29:00

The UK condemns Russia’s sustained attempts at political interference in the UK and globally.

UK and allies expose Russian intelligence services for cyber campaign of attempted political interference

07/12/2023 14:25:00

The UK and allies call out the Russian Intelligence Services for a campaign of malicious cyber activity attempting to interfere in UK politics and democratic processes

NCSC launches Cyber Incident Exercising scheme

06/12/2023 15:25:00

New CIE assured providers give organisations support to create structured table-top or live-play cyber incident exercises.

UK and Republic of Korea issue warning about DPRK state-linked cyber actors attacking software supply chains

23/11/2023 16:05:00

Joint advisory observes cyber actors leveraging zero-day vulnerabilities and exploits in third-party software.

WIREDGOV