Hackers access nine million Easyjet customers' details - MSE News

Browntoa

wardylad said:

I've received the dreaded email from EasyJet saying my data was accessed (no mention of credit card details though). 
Any one know whether it's worth seeking legal advice to make a claim against a data breach ?

The talktalk data breach didn't end in mass compensation for customers

bobblebob

I doubt you would get much anyway for just (if what they say is true) an email address that was leaked

JayCeeEssex

We too have just received the dreaded e-mail confirming that EasyJet actually employed a 5 year old to set their data protection systems.
Is it worth trying to claim against them?
Probably not, BUT what is worth doing is writing to the ICO and registering a formal complaint about EasyJets slapdash attitude towards data protection. The more people who complain, the stronger the ICO case! 

inspectorperez

Easyjet want to thank their lucky stars that it was not a ransomeware attack similar to the one that took down Travelex for weeks earlier in the year. I hope they are providing adequate assurances to those customers who have been effected and if appropriate relevant advice. Maybe total coincidence of course, but this data breach appears to have occurred on or around the time of the Travelex issue!

Missus_Hyde

bobblebob said:

Missus_Hyde said:

Very annoying, of course.

However, I never store card details ( or any other details, come to that) on sites such as EasyJet, and I'm hoping that we're not one of the people whom it has affected. 

If we are, I shall just have to take evasive action; quite honestly it wouldn't be the first time our data has been romping around in cyber space; sadly a lot of companies have a rather cavalier attitude to their customers' details, so I always check our credit reports every month to try and keep on top of it.

Those whose account details have been leaked have already been notified. So if you havent, your account details are safe

We actually had the following email from email from EasyJet last night:

Our investigation found that your name, email address, and travel details were accessed for the easyJet flights or easyJet holidays you booked between 17th October 2019 and 4th March 2020. Your passport and credit card details were not accessed, however information including where you were travelling from and to, your departure date, booking reference number, the booking date and the value of the booking were accessed. 

As it appears that our card and passport details haven't been affected then I'm not unduly worried. Obviously it's annoying, as I said before, but I can keep a check on our credit files for identity theft etc. and quite frankly it's not the first time our data's gone all over the internet ( and I don't suppose it will be the last! 🙄)

IvanOpinion

In my opinion this is a very serious data breach.  What bad actors now have is your name, address and a time period during which your house could be empty - nice simple pickings.

IvanOpinion

Joe9090 said:

Ganga said:

Joe9090 said:

Doesn't inspire you with confidence when you try to change your password you get 'Your password must be a single word between 6 and 20 characters in length and must not include the special characters # & + or space'

Why not ? surely you can come up with a new password using between 6 and 20 letters/numbers/characters !

No problem with that but the most secure passwords make you include the special characters # & + or space' and even a !

Hi Joe, that is incorrect - or at least very out of date.  The most important thing for a password is length, I generally do suggest including mixed case, numbers and symbols (including EMOJIS) but they do not necessarily provide additional protection (crackers scan the full ASCII character set so what format the character is becomes irrelevant). 

Complex systems can in fact reduce protection - because users forced into changing their passwords frequently or having to use overly complex systems have a habit of writing passwords down or using an advancing sequence (where they just update a number each time they change e.g Passw0rd01 -> Passw0rd02 -> Passw0rd03 etc.).  Alternatively they use password storage software that remains logged in even when they shut down their browser.

Make your passwords at least 12 characters long, the latest advice being 3 or more easy to remember words with no spaces between them e.g. HorseSnowballSponge.

fib_b

Our local newspaper has today reported a class action by PGMBM, does anyone know if this is legitimate?

gwc1

fib_b said:

Our local newspaper has today reported a class action by PGMBM, does anyone know if this is legitimate?

Seems to be a few solicitors picking up on this now, promising 2k plus 🧐

crazychick72

I'd be interested to know if this is legitimate as we have had our data stolen too