Recent Attacks on Airlines Suggests Hackers Are Now More Interested In Passenger Data

Hackers are increasingly targeting airlines, due to their huge dependence on computer networks for everything from customer-facing activities such as bookings and support, to vast back-office functions which often affect multiple entities involved in the aviation business.

EasyJet - an attractive target?

EasyJet, the British low-cost airline headquartered at London Luton Airport, was hit with a cyberattack, resulting in the leak of customer data.
  • In May 2020, Chinese hackers were suspected of accessing email and travel details of about nine million EasyJet customers.
  • The intrusion had happened in January and the same group of hackers had previously targeted travel records and other data to track the movement of specific individuals, as opposed to stealing credit card details for financial gain.

EasyJet has witnessed similar threats from other hackers earlier as well. 
  • In August 2018, a phishing website was observed trying to trick customers of some airlines including EasyJet into inputting their personal information. 
  • In August 2017 also, hackers were seen using EasyJet branding to run a scam competition on Facebook, claiming to offer free flight tickets just by filling out their personal details for a short survey.

Massive attacks on airlines all over the world

Cyberattacks have been infiltrating the systems of airlines, airports, aircraft manufacturers, and even satellites and space stations. According to SITA, a leader in air transport communications and IT solutions, only 35% of airlines and 30% of airports consider themselves to be adequately prepared.
  • In February 2020, Transavia, the Dutch low-cost airline, suffered a cyber attack that exposed as many as 80,000 Transavia passengers’ data.
  • In January 2020, SpiceJet suffered a data breach as the hackers gained access to one of SpiceJet’s systems by brute-forcing the system’s password. It exposed the private information of more than 1.2 million passengers.
  • In January 2020, the confidential board papers of a proposed merger of Malaysia Airlines with AirAsia Group Bhd and AirAsia X Bhd were leaked.

Regulatory actions

Authorities are also taking breach detection as well as prevention strictly into consideration.

The UK's Information Commissioner’s Office (ICO) had fined Cathay Pacific Airways Limited £500,000 earlier this month for failing to secure its customers’ personal data. It was reported that the lack of appropriate security measures led to customers’ personal details being exposed, 111,578 of whom were from the UK, and approximately 9.4 million more worldwide.

Staying safe

Airports and other businesses can mitigate their exposure to cyberattacks by using strong encryption software and multi-factor authentication for secure sensitive customer details. Another important aspect is to train their employees and IT staff to avoid such incidents due to human errors.