China hackers suspected in easyJet attack
Chinese hackers are suspected of accessing email and travel details of about nine million easyJet customers, sources familiar with the investigation say.
The two sources said the hacking tools and techniques used in the January attack pointed to a group of suspected Chinese hackers that has targeted multiple airlines in recent months.
The news of the data breach on Tuesday could result in a hefty fine for the budget airline, which has already been forced to ground its flights because of the COVID-19 pandemic.
EasyJet is also battling its founder and biggest shareholder in a long-running dispute over the carrier's business strategy.
An easyJet spokeswoman declined to comment on who was responsible for the attack.
The Chinese embassy in London did not respond to a request for comment.
Beijing has repeatedly denied conducting offensive cyber operations and says it is frequently the victim of such attacks itself.
EasyJet's chief executive Johan Lundgren said there was heightened concern about personal data being used for online scams as more people worked from home because of the COVID-19 pandemic.
"As a result, and on the recommendation of the ICO (watchdog), we are contacting those customers whose travel information was accessed and we are advising them to be extra vigilant, particularly if they receive unsolicited communications," he said.
The sources, who spoke on condition of anonymity, said the same group of hackers had previously targeted travel records and other data to track the movement of specific individuals, as opposed to stealing credit card details for financial gain.
BAE Systems threat intelligence analyst Saher Naumaan said information on who is travelling on which routes can be valuable for counter-intelligence or other tracking of persons of interest.
EasyJet said credit card details of more than 2000 customers had also been compromised but it did not look like any personal information had been misused.
The company said it had engaged forensic experts to investigate the issue and also notified Britain's National Cyber Security Centre (NCSC).
An NCSC spokesman confirmed it was working with easyJet.
Get the latest news from thewest.com.au in your inbox.
Sign up for our emails