* Cyberattack took place in late January
* Customer email and travel records compromised
* British airline could face heavy fine
(Recasts on suspected culprits, adds NCSC and ICO comment)
By Jack Stubbs and Kate Holton
LONDON, May 19 (Reuters) - Chinese hackers are suspected of
accessing email and travel details of about nine million easyJet
customers, said two sources familiar with the
investigation into a cyberattack disclosed by the British
airline on Tuesday.
The sources said the hacking tools and techniques used in
the January attack pointed to a group of suspected Chinese
hackers that has targeted multiple airlines in recent months.
The news of the data breach could result in a hefty fine for
the budget airline, which has already been forced to ground its
flights because of the COVID-19 pandemic and is battling its
founder and biggest shareholder in a long-running dispute over
the carrier's business strategy.
An easyJet spokeswoman declined to comment on who was
responsible for the attack and Reuters could not determine on
whose behalf the hackers were working.
The Chinese embassy in London did not respond to a request
for comment. Beijing has repeatedly denied conducting offensive
cyber operations and says it is frequently the victim of such
attacks itself.
Johan Lundgren, easyJet's chief executive, said there was
heightened concern about personal data being used for online
scams as more people worked from home because of the COVID-19
pandemic.
"As a result, and on the recommendation of the ICO
(watchdog), we are contacting those customers whose travel
information was accessed and we are advising them to be extra
vigilant, particularly if they receive unsolicited
communications," he said.
TARGETING TRAVEL RECORDS
The sources, who spoke on condition of anonymity because of
the sensitivity of the matter, said the same group of hackers
had previously targeted travel records and other data to track
the movement of specific individuals, as opposed to stealing
credit card details for financial gain.
"Interest in who is travelling on which routes can be
valuable for counter-intelligence or other tracking of persons
of interest," said Saher Naumaan, a threat intelligence analyst
at BAE Systems, who has investigated similar attacks.
EasyJet said that credit card details of more than 2,000
customers had also been compromised but it did not look like any
personal information had been misused.
The company said it had engaged forensic experts to
investigate the issue and also notified Britain's National Cyber
Security Centre (NCSC).
An NCSC spokesman said: "We are aware of this incident and
have been working with easyJet from the outset to understand how
it has affected people in the UK."
Britain's Information Commissioner's Office (ICO) said it
was also investigating the attack and urged anyone affected by
data breaches to be particularly vigilant for phishing attacks
and scam messages.
"People have the right to expect that organisations will
handle their personal information securely and responsibly. When
that doesn't happen, we will investigate and take robust action
where necessary," it said.
The ICO protects information rights and has the power to
impose fines.
British Airways, owned by airlines group IAG, is
still appealing against a 183.4 million pound ($225 million)
fine it received from the ICO after hackers stole credit card
details of hundreds of thousands of its customers in 2018.
EasyJet shares, which have lost 64% of their value in three
months, were down almost 1% at 1640 GMT.
($1 = 0.8167 pounds)
(Additional reporting by Michael Holden;
Editing by Mark Potter, David Goodman and Jon Boyle)