In the midst of Covid 19, one of the biggest budget airlines that have been affected badly by the Covid Pandemic and has been faced with a large scale cyber attack, It has been reported that personal information and data of 9 million customers have been accessed in a “highly sophisticated attack”.
Data protection infringement and banking data security is now becoming a global persistent issue for all manner of businesses.
It appears that e-mail addresses and travel documents of customers, which is classified as personal information, has been accessed. It appears that 2,208 people have had their credit card details stolen and EasyJet have informed the stock market of this matter.
Those people who have had their credit card details stolen have been contacted and all other customers will be contacted if they have been affected by this matter no later than the 26 May 2020. EasyJet has not given the exact details so far of how this incident has occurred but they have now reported the matter to the National Cyber Security Centre and the ICO – Information Commissioners Office, who are the regulatory body for data protection in the UK.
This matter raises the issue of Easyjet paying a large fine to the ICO when it is already in the midst of making redundancies and experiencing serious financial pressures due to the Covid 19 Pandemic. As we know the maximum amount of fines imposed can be up to 4% of global GDP. This may be unfair and serious but it shows no serious data protection infringements are being taken.
BA, as we are aware, is another airline that was fined 183million in July 2019 for their serious data breach of personal information by the ICO, when hackers stole personal data of half a million customers at this time.
So the common thread is that companies large and small need to be aware that since the Covid 19 Pandemic, they have all been more vulnerable to cyber attacks and it is very important that all businesses have robust Cyber security and GDPR compliant policies in place to combat these issues.
If you are concerned about your GDPR and Data security
If you are concerned about your GDPR and Data security measures please do not hesitate to contact the ACLF GDPR and Data specialist team at email@example.com offering capped and fixed fees to support businesses audit their documents; create policies and procedures and audit and assess just how robust they are in this field. Data Protection and security of data is seen more key whilst so many are working remotely the employees need secure VPN’s and policies to ensure they comply with the company’s policy and IT / security protocols. Staff also need to be comfortable to report and screenshot things that concern them to prevent these issues, but if they are scared of reprimands or disciplinary procedures they may cover up their concerns. Make the procedures transparent and offer staff support and ease to report and prevention may be possible