Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
Security Privacy United Kingdom

EasyJet Admits Data of Nine Million Hacked (bbc.com) 23

An anonymous reader quotes a report from the BBC: EasyJet has admitted that a "highly sophisticated cyber-attack" has affected approximately nine million customers. It said email addresses and travel details had been stolen and that 2,208 customers had also had their credit card details "accessed". The firm has informed the UK's Information Commissioner's Office while it investigates the breach. EasyJet first became aware of the attack in January. It told the BBC that it was only able to notify customers whose credit card details were stolen in early April. Stolen credit card data included the three digital security code -- known as the CVV number -- on the back of the card itself. EasyJet added that it had gone public now in order to warn the nine million customers whose email addresses had been stolen to be wary of phishing attacks. It said that it would notify everyone affected by 26 May.
This discussion has been archived. No new comments can be posted.

EasyJet Admits Data of Nine Million Hacked

Comments Filter:
  • CVV? (Score:5, Informative)

    by Ecuador ( 740021 ) on Tuesday May 19, 2020 @06:47PM (#60080530) Homepage

    I thought retailers aren't supposed to save the security code?

    • by ceoyoyo ( 59147 )

      I'm surprised the credit card companies don't sue anyone who does into the ground. They're liable for losses, and it's pretty obvious if you saved the CVV when you weren't supposed to.

      • If they're doing CC processing, they'd better pray that they have the valid certifications on their app to begin with.
    • by Ogive17 ( 691899 )
      Honest question - if you save your payment details, is it going to also save CVV?
      • Re:CVV? (Score:5, Insightful)

        by micheas ( 231635 ) on Tuesday May 19, 2020 @08:40PM (#60080738) Homepage Journal
        Typically as a merchant, I haven't saved credit card numbers when doing a Card On File transaction but rather generated a unique number with the payment processor for a card that was only good for transactions for that customer from our store, so a lifted card could only be used for purchasing things on our store if compromised and then saved the last four digits of the real card to show the customer and the single purpose card number for recurring transactions. I'm sure that there are people who just save everything though. An outsourced programmer making $1,200 a month doesn't really care if the company is compromised.
        • by AmiMoJo ( 196126 )

          EasyJet likes to keep your card on file because it reduces friction when charging for extras. Everything they aren't legally obliged to give you costs extra and the whole experience is designed to push you towards paying more than the headline ticket price.

          • Everything they aren't legally obliged to give you costs extra and the whole experience is designed to push you towards paying more than the headline ticket price.

            That's because that's where they make their profit. They make very little on the price of the ticket itself.

    • Re:CVV? (Score:5, Insightful)

      by Bite The Pillow ( 3087109 ) on Tuesday May 19, 2020 @07:35PM (#60080618)

      9 million customer records and only 2200 credit cards. CVV was likely in flight, not saved.

  • woopie, another database hack. I think these occur more often than cars getting flat tires. So I ask again (and again, and again, and again, ...) is there anyway to protect a database with exception to making it WOM (write only memory)?
  • Just when you thought it was safe to fly!

  • AKA somebody left the door open and some script kiddie came and helped themselves.
  • That phrase is code for "we made several really dumb beginner's mistakes but do not want to admit that". It is high time that when something like this happens, the CEO goes to prison. I would also think an automatic compensation of $1000 for each person affected (unless they can demonstrate higher damage) would be a good idea. Maybe these two things could stop the atrociously bad and utterly pathetic amateur level IT operations that are going on in far too many companies.

  • Leme guess, someone opened a malicous link in an email under Microsoft Windows.
  • The Nine Million Names of "Oh my God"!

Children begin by loving their parents. After a time they judge them. Rarely, if ever, do they forgive them. - Oscar Wilde

Working...