Enter your details below and we'll get back to you.
Share this article
As EasyJet becomes the latest high profile business to announce a data breach, it would be easy to think that the travel industry is a particularly popular target for cybercrime. But is this really true? And if so, why are hackers drawn to the sector?
In today’s tech-driven business culture, a data breach is any organisation’s worst nightmare. Cybercrime can impact any and all industries, but more often than not it seems like travel companies are finding themselves on the receiving end of a large-scale, damaging and highly publicised data breach.
The most recent high-profile victim of this is EasyJet, who recently admitted to suffering a mammoth breach. They certainly aren’t alone in suffering this kind of damaging and costly attack, however. We only need to look at the British Airways’ recent woes and the Information Commissioner’s Office’s (ICO) intention to levy a fine of £183.4million to see that it’s been a tough time for the industry – even before COVID-19 hit. But this fine could be small in comparison to the potential fine that EasyJet now faces.
So what is it about the travel industry that draws cybercriminals, and what can businesses do to protect themselves against these kinds of incidents?
In a “highly sophisticated” cyberattack, EasyJet has confirmed that the personal information of 9 million customers has been breached. While this breach did not include any passport information, it did involve the theft of 2,208 credit card details.
The airline has not confirmed how the breach occurred, but it has assured customers that the unauthorised access has now been “closed off” and that the incident has been reported to the National Cyber Security Centre and the ICO.
But the damage has already been done. The breach is one of the largest to impact any UK business, and raises the possibility that the airline may have to pay a large fine, at a time when COVID-19 has already put the travel sector under severe financial pressure.
In the case of British Airways hackers stole the personal information of half a million customers – then considered to be one of the most significant data breaches of its kind and a demonstration of non-compliance with GDPR guidelines.
One of the most obvious reasons why travel is such a hot target for hackers is that big breaches offer big rewards. In the US alone, the travel industry generated $2.5 trillion in economic output in 2018, and is responsible for some 15.7 million jobs.
As well as being a tempting target in terms of earnings, the travel industry also offers a wealth of data. Travel companies are accustomed to collecting and storing large quantities of personal data, such as passport numbers, credit card information and driver’s licences – all of which can be used for identity theft, resale and spear phishing campaigns.
What’s more, with regular bookings and cancellations taking place, data is constantly moving through the travel industry.
But travel businesses offer a lot more than money and data, which is usually enough of a draw for most hackers. Another form of currency that possesses vulnerabilities in many travel industry is loyalty rewards.
Loyalty rewards can provide a low risk, high return treasure trove for cybercriminals. Most people don’t monitor their rewards schemes nearly as often as their bank accounts and, once accessed, rewards can be cashed in quickly and lost forever.
It’s clear that travel businesses must place cybersecurity high on their list of priorities in order to avoid finding themselves in a similar situation to EasyJet and BA. Understanding the vulnerabilities surrounding different data sources is crucial in the travel sector and, now more than ever, any data that is deemed essential should be encrypted. Encryption is relevant not just in terms of processing card data but also as a key requirement in the context of GDPR.
No company should let their first experience of a breach be the real deal. By rehearsing and testing their incident response, you can put your business in the best position to be both proactive and efficiently reactive if and when a cyber incident does occur.
Effective cybersecurity means finding a balance between convenience and security. To find this balance, it’s a good idea to seek the help of security experts who can assess, test and bolster your business security before a breach takes place.