This Week in Data Breaches: Data of 9 Million People Stolen in EasyJet Data Breach
Welcome to this week’s round-up of the latest data breaches, leaks, and privacy intrusions. This week: data of millions of EasyJet customers stolen in a massive data breach, billions of Thai internet records leaked online, and unemployment insurance fraud surges in the midst of the coronavirus pandemic.
Data of 9 Million Customers Stolen in EasyJet Breach
EasyJet disclosed last week that the personal and travel data of 9 millions customers was stolen in a data breach discovered in January, making it one of the largest breaches since a breach at Hong Kong’s Cathay Pacific in June 2019 that impacted 9.4 million customers. Both Cathay Pacific and British Airways were fined last year by regulators following major breaches.
In the latest breach to hit the airline industry, hackers absconded with the credit card details of over 2,000 EasyJet customers. EasyJet said that it has notified those affected and shut down unauthorized access to its systems. In a notice to customers, the company said, “EasyJet has been the target of an attack from a highly sophisticated source...we are now notifying other customers impacted by this incident, particularly in light of the increased risk of phishing emails since the outbreak of Covid-19.”
The breach included names, email addresses, and credit card details. Travel details, such as departure dates and destinations, were also accessed in the breach. EasyJet said there has been no indication yet of credit card fraud stemming from the breach. Affected customers have also been offered 12 months of free credit monitoring.
8 Billion Thai Internet Records Leaked
Earlier this week, TechCrunch reported that a large Thai mobile network, AIS, took down a massive database that was leaking billions of real-time records on Thai internet users. Anyone who came across the unsecured database would have been able to see exactly what users were doing online in real-time.
It took AIS over a week to take down the database, and came only after a security researcher alerted Thailand’s cyber emergency response department. “We can confirm that a small amount of non-personal, non-critical information was exposed for a limited period in May,” a spokesperson for the company told TechCrunch.”
While AIS said that the leak did not contain any personal information, the exposed database did contain DNS queries and Netflow data, information which makes it possible to determine what websites and apps users are accessing. As TechCrunch points out, this information could in turn potentially be used to identify the activity and sources of journalists in a country that is notorious for government censorship.
The security researcher who found the database, Justin Paine, said that the data could be used to identify internet-connected devices, which antivirus software users were running, and the social media platforms they used. Tools like HTTPS Everywhere or a VPN make it difficult to track internet activity by encrypting requests and traffic, so it might be a good time to look into these if you haven’t already.
Check out our comprehensive privacy guide to find out more about these tools and get more information on how to protect yourself online.
Fraudsters Target Unemployment Insurance
With the expansion of unemployment benefits and a massive surge in unemployment claims as millions have been laid off or furloughed due to the coronavirus, fraudsters are exploiting the influx of claims by filing for benefits in other peoples’ names, hoping to sneak by as state systems are swamped by applications in what the New York Time is calling a “vast fraud network targeting US unemployment systems.”
States around the country, from Washington to Massachusetts, are now warning their residents to be on the lookout for signs of fraudulent claims. In Washington state alone, thousands of residents have become unwitting victims of the scheme. Officials there estimate that fraudsters have already cost the state hundreds of millions of dollars. Cases have also been identified in nine other states.
If you receive notice that an unemployment claim has been filed in your name, contact the fraud hotline of your state unemployment office immediately. You can find the number for your state’s hotline here. Make sure to remain vigilant and be on the lookout for signs of unemployment insurance or tax fraud. For more information on how to spot signs of fraud and what to do if you suspect you've been a victim check out our in-depth guide on how to protect your identity.
For more information on how to protect yourself, check out our in-depth security and privacy guides:
Bloom: Your Data, Your Credit, Your Privacy
At Bloom, we are giving you the tools to take back control of your data all in one simple app. No more centralized data storage. No more selling off your data to the highest bidder. Bloom enables you to own, control, and protect your data using the latest advancements in blockchain technology.
It’s time to take back control of your data and unlock the power of a secure identity today. Download the Bloom mobile app to build a digital identity, monitor your credit, and get free data breach alerts with Radar!