The British airline EasyJet has suffered a breach in which personal data of nine million customers was exposed.
The exposed data includes travel details and email addresses.
In addition, the credit card details of 2,208 customers were exposed.
The company has not revealed the date of the breach, and it did not share the details of the forensic investigation.
Although the company alerted the customers, the notification was somewhat buried on its website and was presented in the form of a press release.
Johan Lundgren, CEO at EasyJet, has already issued an apology and advised those who were affected to be extra vigilant.
Ilia Kolochenko, founder and CEO at ImmuniWeb, commented that there is a bright side to this, as nine million user records is only a small percentage of the total number of EasyJet customers.
He went on to explain that financial repercussions under GDPR will be difficult to avoid, adding that the size of the fine will depend on the level of negligence pertaining to the incident.
Tim Sadler, CEO at Tessian, said that the affected customers are now at greater risk of being targeted by phishing scams.
He advised them to be extra careful when opening emails that claim to be coming from EasyJet.
Despite the fact that EasyJet claims there is no evidence suggesting that the affected data has been misused, Boris Cipot, senior sales engineer at Synopsys, believes that changing passwords is the best course of action to take for anyone affected.
Although the customers have been alerted, the question remains: could the whole incident have been avoided?
Mark Bower, senior vice president at comforte AG, believes that tokenisation technology would have provided a great deal of help in this regard.
Brian Higgins, security specialist at Comparitech, is worried that hackers will capitalise on the fear of the customers once the attack is made public.