The recent high-profile cyber attack that struck British budget airline easyJet may have been carried out by Chinese hackers, new research and multiple sources have suggested.
The cyber attack, which saw the email addresses and travel details of millions of passengers stolen—as well as the credit card details of some 2,000—was reportedly conducted by the very same group of Chinese hackers responsible for other attacks on a number of airlines in recent months.
“We would like to apologize to those customers who have been affected by this incident,” said easyJet’s boss, Johan Lundgren. “Since we became aware of the incident, it has become clear that owing to COVID-19 there is heightened concern about personal data being used for online scams.”
“As a result, and on the recommendation of the ICO, we are contacting those customers whose travel information was accessed and we are advising them to be extra vigilant, particularly if they receive unsolicited communications,” added Lundgren.
Information remains scant concerning the identity of the alleged Chinese hackers behind the cyber attack, with the Chinese embassy in London declining to comment when questioned by local newspaper The Sun.
How the cyber attack unfolded
According to sources who spoke to news agency Reuters, the hacking tools and techniques used in the cyber attack incident pointed to a group of Chinese hackers as the culprits. The unnamed group reportedly has a history of carrying out malicious cyberattacks on airline companies, the sources said.
The sources, who spoke under the condition of anonymity, explained that the Chinese hackers responsible had previously been in the business of targeting travel records and other data in order to track the movement of specific individuals. In this way, the cyber attack seems to have been motivated less by financial gain than by espionage.
The hacking tools and techniques in question—which appear similar to those used in previous security breach incidents involving airlines—allowed the Chinese hackers to walk away with that same data belonging to some 9 million easyJet customers in total.
In response to the cyber attack incident, easyJet has kicked off an investigation into the matter, claiming that results so far seem to indicate that the Chinese hackers had been targeting intellectual property, as opposed to data that would assist in identity theft, such as CVV/CVC numbers. The investigation’s preliminary findings support the claim that the hackers did indeed have a motive for the attack that was more than mere financial gain.
The airline has said that it will have contacted all affected customers by May 26, and that it is advising all users to be wary of phishing attacks in the wake of this security breach.
The ICO: A spanner in the wheel
Aside from easyJet’s internal investigation into the incident, another investigation is being carried out simultaneously—this time by the UK’s Information Commissioner’s Office (ICO) to determine whether the airline itself had failed to properly protect the personal data of its customers.
According to multiple reports, the ICO investigation will likely result in easyJet facing a heavy fine for the data breach having occurred in the first place.
“People have the right to expect that organizations will handle their personal information securely and responsibly. When that doesn’t happen, we will investigate and take robust action where necessary,” the ICO said in a statement.
Such a fine would by no means be unprecedented in the UK aviation industry. British Airways, for example, is currently in the process of appealing against a £183 million ($223 million) fine that it received from the ICO last year after cyber criminals stole the credit card details of hundreds of thousands of its customers the year before.
Data in the hands of Chinese hackers
Because of the lack of information that has so far surfaced about both the attack itself and the precise motives of the Chinese hackers behind it, it remains up in the air as to how the stolen personal information might end up being used.
According to Oz Alashe, chief executive at the UK cyber security awareness firm CybSafe, customers whose personal data was impacted by the cyber attack are most likely to experience phishing attacks, or some variant thereof.
“There is a risk that some of the victims of this data breach will receive phishing emails. These may be targeted and can be difficult to spot. For the smaller subset of customers who have had financial information stolen, credit and/or debit cards will need to be cancelled. It remains unclear whether financial data was encrypted and how this was compromised,” explains Alashe.
He goes on to point out that, in the wake of a cyber attack of such a scale, the onus rests on easyJet to remain transparent and honest with its customers as more information becomes available.
“For easyJet, continued transparency is now of the utmost importance. It is vital that the company keeps its customers informed. While the business has promised to contact those affected ‘no later than 26th of May’, notification must come as soon as possible if feasible,” Alashe adds.