Hackers have accessed the email and travel details of around nine million Easyjet customers and credit card details of around 2,000 more in a “highly sophisticated attack”, the British airline said on Tuesday.
The airline said in a statement credit card details of 2,208 customers had been accessed. It added it had closed down unauthorised access and will contact customers in the coming days.
The airline added that it didn't look like any of the information was misused and it first became aware of the attack in January.
"We take issues of security extremely seriously and continue to invest to further enhance our security environment," it said in a statement to the stock exchange.
"There is no evidence that any personal information of any nature has been misused, however, on the recommendation of the ICO, we are communicating with the approximately nine million customers whose travel details were accessed to advise them of protective steps to minimise any risk of potential phishing."
EasyJet has had to ground most of its flights since March amid the coronavirus pandemic, where data breaches have surged. More employees working remotely has made companies less secure and more vulnerable to cyber attacks.
Adding to its woes, the airline is in a dispute with its founder and largest shareholder, Stelios Haji-Ioannou, over a £4.5 billion plane order.
Airlines have been target of several significant data breaches over the last few years.
Thousands of British Airways and Delta Air Lines customers had their data hacked in 2018, as well as Hong Kong-based Cathay Pacific. The Asian airline said hackers had accessed personal information of 9.4 million customers.
"However this breach has been manufactured, it's clear that the aviation industry is experiencing something of a perfect storm as operators' resources are stretched – even prior to Covid-19 – and cyber groups have become increasingly active in recent weeks," Andy Barratt, UK managing director at global cybersecurity consultancy Coalfire, told The National.
“Airlines, and the wider travel sector, are consistently targeted by cybercriminals due to the large amount of digital transactions, credit and information sharing needed to ensure the industry operates smoothly."
"Notably, the direct-to-consumer booking models used by budget operators circumvent some of this but mean that there is little room for them to outsource risk when it comes to cybersecurity – as EasyJet will no doubt now be aware," he added.
More on Quran memorisation:
Read more about the coronavirus
The specs
Engine: four-litre V6 and 3.5-litre V6 twin-turbo
Transmission: six-speed and 10-speed
Power: 271 and 409 horsepower
Torque: 385 and 650Nm
Price: from Dh229,900 to Dh355,000
Skoda Superb Specs
Engine: 2-litre TSI petrol
Power: 190hp
Torque: 320Nm
Price: From Dh147,000
Available: Now
Points to remember
- Debate the issue, don't attack the person
- Build the relationship and dialogue by seeking to find common ground
- Express passion for the issue but be aware of when you're losing control or when there's anger. If there is, pause and take some time out.
- Listen actively without interrupting
- Avoid assumptions, seek understanding, ask questions
Ten tax points to be aware of in 2026
1. Domestic VAT refund amendments: request your refund within five years
If a business does not apply for the refund on time, they lose their credit.
2. E-invoicing in the UAE
Businesses should continue preparing for the implementation of e-invoicing in the UAE, with 2026 a preparation and transition period ahead of phased mandatory adoption.
3. More tax audits
Tax authorities are increasingly using data already available across multiple filings to identify audit risks.
4. More beneficial VAT and excise tax penalty regime
Tax disputes are expected to become more frequent and more structured, with clearer administrative objection and appeal processes. The UAE has adopted a new penalty regime for VAT and excise disputes, which now mirrors the penalty regime for corporate tax.
5. Greater emphasis on statutory audit
There is a greater need for the accuracy of financial statements. The International Financial Reporting Standards standards need to be strictly adhered to and, as a result, the quality of the audits will need to increase.
6. Further transfer pricing enforcement
Transfer pricing enforcement, which refers to the practice of establishing prices for internal transactions between related entities, is expected to broaden in scope. The UAE will shortly open the possibility to negotiate advance pricing agreements, or essentially rulings for transfer pricing purposes.
7. Limited time periods for audits
Recent amendments also introduce a default five-year limitation period for tax audits and assessments, subject to specific statutory exceptions. While the standard audit and assessment period is five years, this may be extended to up to 15 years in cases involving fraud or tax evasion.
8. Pillar 2 implementation
Many multinational groups will begin to feel the practical effect of the Domestic Minimum Top-Up Tax (DMTT), the UAE's implementation of the OECD’s global minimum tax under Pillar 2. While the rules apply for financial years starting on or after January 1, 2025, it is 2026 that marks the transition to an operational phase.
9. Reduced compliance obligations for imported goods and services
Businesses that apply the reverse-charge mechanism for VAT purposes in the UAE may benefit from reduced compliance obligations.
10. Substance and CbC reporting focus
Tax authorities are expected to continue strengthening the enforcement of economic substance and Country-by-Country (CbC) reporting frameworks. In the UAE, these regimes are increasingly being used as risk-assessment tools, providing tax authorities with a comprehensive view of multinational groups’ global footprints and enabling them to assess whether profits are aligned with real economic activity.
Contributed by Thomas Vanhee and Hend Rashwan, Aurifer
Apple's%20Lockdown%20Mode%20at%20a%20glance
%3Cp%3EAt%20launch%2C%20Lockdown%20Mode%20will%20include%20the%20following%20protections%3A%3C%2Fp%3E%0A%3Cp%3E%3Cstrong%3EMessages%3A%3C%2Fstrong%3E%20Most%20attachment%20types%20other%20than%20images%20are%20blocked.%20Some%20features%2C%20like%20link%20previews%2C%20are%20disabled%3C%2Fp%3E%0A%3Cp%3E%3Cstrong%3EWeb%20browsing%3A%3C%2Fstrong%3E%20Certain%20complex%20web%20technologies%2C%20like%20just-in-time%20JavaScript%20compilation%2C%20are%20disabled%20unless%20the%20user%20excludes%20a%20trusted%20site%20from%20Lockdown%20Mode%3C%2Fp%3E%0A%3Cp%3E%3Cstrong%3EApple%20services%3A%20%3C%2Fstrong%3EIncoming%20invitations%20and%20service%20requests%2C%20including%20FaceTime%20calls%2C%20are%20blocked%20if%20the%20user%20has%20not%20previously%20sent%20the%20initiator%20a%20call%20or%20request%3C%2Fp%3E%0A%3Cp%3E%3Cstrong%3EConnectivity%3A%3C%2Fstrong%3E%20Wired%20connections%20with%20a%20computer%20or%20accessory%20are%20blocked%20when%20an%20iPhone%20is%20locked%3C%2Fp%3E%0A%3Cp%3E%3Cstrong%3EConfigurations%3A%3C%2Fstrong%3E%20Configuration%20profiles%20cannot%20be%20installed%2C%20and%20the%20device%20cannot%20enroll%20into%20mobile%20device%20management%20while%20Lockdown%20Mode%20is%20on%3C%2Fp%3E%0A
