Security risks exposed at Marriott, British Airways, easyJet, American Airlines

The travel & leisure sector needs to do all it can to reassure customers that not only are they safe from physical threats but also the digital ones. This report is pretty damning…:

An investigation by Which? has revealed that hundreds of cyber security risks were found on numerous travel firms’ websites, potentially putting customers’ data at risk.

Security vulnerabilities were found on Marriott (MAR), easyJet (EZJ.L), British Airways (IAG.L), Lastminute.com (LMN.SW), and American Airlines (AAL) websites.

Out of the hundreds of vulnerabilities found on these companies’ websites, 18 were classed as ‘critical vulnerabilities’ on Marriott’s internet properties, and 12 were in the same category for the British Airways websites.

The number of critical vulnerabilities for American Airlines, Lastminute.com, and Easyjet was 7, 4 and 2, respectively.

These findings come after Marriott suffered two serious data breaches, one in 2018 when 339 million of its customers were affected, and another this year which affected 5.2 million customers.

Editor of Which? Travel, Rory Boland, said: “Our research suggests that Marriott, British Airways and easyJet have failed to learn lessons from previous data breaches and are leaving their customers exposed to opportunistic cybercriminals.

“Travel companies must up their game and better protect their customers from cyber threats, otherwise the ICO [Information Commissioner’s Office] must be prepared to step in with punitive action, including heavy fines that are actually enforced.”

[…]

Original article here