A high-profile cyberattack data breach was the last thing easyJet needed as it wrestles with the biggest crisis the airline industry has ever seen. However, that is exactly what it is faced with. The company’s handling of the issue has been far from perfect and highlights the importance of an effective post-breach plan in minimising reputational damage.
The hack, which easyJet described as a ‘highly sophisticated cyberattack’, has affected approximately nine million customers, although only around 2,200 of those are believed to have had their payment details stolen. The company has gone public to warn the nine million people affected that they could be targeted by phishing attacks. This is the correct and responsible thing to do, but question marks lie over other elements of the company’s response.
The airline announced the breach on 19 May but has said that it will notify everyone affected by 26 May. It takes time to notify nine million people, but a week feels like a long time to leave people who have booked flights with easyJet in the past worrying about whether their details have been compromised.
According to easyJet’s announcement, the attack actually occurred in January and it complied with regulations by notifying the ICO immediately. It is actually prudent to establish the facts and ascertain who has been affected before going public with the breach, announcing it too early could cause undue concern. However, a lot of time has passed since January and questions must be asked as to why this has taken so long.
Cyberattacks have unfortunately become a part of corporate life in the digital age and companies across all sectors invest significant capital in bolstering their defences. There is only so much they can do to counter the threat and the fact is that breaches can still occur. When this happens, attention shifts to the post-breach reaction and this is where many companies are found wanting.
Managing the fallout surrounding a high-profile attack is far from straightforward but it is essential that an effective strategy is in place for doing so as this will play a key role in determining consumer reaction. A plan needs to be in place before a breach occurs so the company can react swiftly. This will lead to a more assured response than if the company was scrambling to react.
How well do you really know your competitors?
Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.
Thank you!
Your download email will arrive shortly
Not ready to buy yet? Download a free sample
We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form
By GlobalDataEmploying appropriate post-breach consultants from leading players such as Accenture, IBM, FireEye, Herjavec Group, or root9B will help formulate a credible PR strategy to demonstrate that management will now take all actions possible to protect critical digital assets.
They will also look to understand the hackers and what drives them. Identifying the characteristics of a hacker in one breach can help pre-empt others. If travel companies can demonstrate that they are using such services, their claims of reducing future data security risks will have far more credibility.