The last post I shared about data theft was back in October (that seems like years ago now), but the subject’s not gone away, of course.
EasyJet says hackers stole data of 9 million customers – Bloomberg
Cyber-attacks against businesses and their employees have surged this year as hackers take advantage of the disruption caused by the coronavirus pandemic. While the EasyJet breach was discovered in late January, predating the disease’s flare-up across Europe, the company is alerting those whose exposure was limited to email and travel details to guard against a rising number of so-called phishing attempts, a person familiar with the situation said.
It wasn’t just a few credit cards: Entire travel itineraries were stolen by hackers, Easyjet now tells victims – The Register
It also warned victims to be on their guard against phishing attacks by miscreants using the stolen records, especially if any “unsolicited communications” arrived appearing to be from Easyjet or its package holidays arm.
You’d think the Information Commissioner’s Office would be busier than ever.
It looks like the UK’s data regulator has given up, blaming coronavirus – Wired UK
In April, the ICO said it would focus on the most serious cases during the pandemic and consider the impact of the wider situation on companies under investigation, but called for organisations to continue to report breaches as it was still operating. But in reality, observers claim, it has almost completely stopped operating.
But it’s worth noting that that article was subsequently updated to, in effect, completely contradict its own headline.
[F]ollowing the publication of this story, an ICO spokesperson said it “is not true” that the body has stopped work on complaints and investigations. “Since the Covid-19 pandemic started, we have only paused under ten per cent of cases and investigations,” the spokesperson said. “These are specific cases where progressing regulatory activity may not be possible or appropriate during a global public health emergency.” The spokesperson added that it continues to “look into” all complaints and data breach reports it receives. It is “focusing on the information rights issues that are likely to cause the most harm or distress to people and organisations”.