Business, Tech, Travel

Why Are Big Travel Companies a Target for Hackers?

Hackers are more than happy to target a wide range of different companies from all manner of sectors and industries, but travel companies have become a particular focus in recent years. Why might that be?

Cyber-attacks and data breaches seemingly occur on a daily basis, with hackers usually being indiscriminate with regards to the companies they target. That being said, recent trends seem to indicate that big travel companies are among the most frequently targeted.

A World on the Move: How Tech Has Transformed Travel

Expedia, Travelex and EasyJet are among a string a high-profile travel companies who have been victims of data breaches over the past 18 months. It raises a number of important questions, not least -why?

In this post, we’ll be delving into deeper into data breaches in the travel industry, why these companies are a prime target for hackers, as well as taking a look at some of the biggest data breach cases to have hit the news in recent times.

What Makes a Travel Company a Prime Target for Hackers?

If a company holds any sort of data, be it financial data, personal employee and customer data, or anything else, they’re naturally going to be at risk from hackers.

All companies that store data are legally obliged to make sure it’s kept secure and out of the hands of cyber-criminals. Failing to uphold this obligation will usually hand that company in hot water with the authorities. This is especially the case in situations where members of the public have lost their data through no fault of their own.

As you might expect, travel companies store huge amounts of data. This can range from personal details belonging to customers (such as their address, phone number, date of birth etc), or bank account details.

Because hackers know that this data is on file, they know it could be worth their time to see if they’re able to hack into the travel company’s online systems so the data can be extracted and sold on.

This then raises the issue of security practices. As so many different travel companies have been successfully targeted in relatively quick succession over the past few years, hackers have seemingly come to the conclusion that travel companies don’t have as effective cyber-security practices as they should. This makes them a relatively easy target.

What also needs to be considered is the fact that big travel companies bring in plenty of profit – minus the extenuating circumstances brought on by the Covid-19 pandemic. This means that, if a hacker or group of hackers carries out a ransomware attack, they know that the travel company will likely have the money to pay them to retrieve the money.

Which Travel Companies Have Been Targeted by Hackers in Recent Years?

Outdated IT Is The Biggest Cause Of Business Downtime, Not Hackers

EasyJet Expose Data of Nine Million Customers

In 2020, it was revealed that EasyJet had experienced a sophisticated cyber-attack which subsequently affected around nine million of their customers.

It was said that email addresses and travel details were stolen, as well as credit and debit card details. The investigation is still ongoing, but it appeared as though EasyJet could be facing fines of up to 40 percent of its annual worldwide turnover. This was a monumental penalty, which suggests the breach was primarily caused by negligence.

It was never confirmed exactly what caused the data breach, with a spokesperson for EasyJet simply stating: “This was a highly sophisticated attacker. It took time to understand the scope of the attack and to identify who had been impacted.

“We could only inform people once the investigation had progressed enough that we were able to identify whether any individuals have been affected, then who had been impacted and what information had been accessed.”

British Airways Suffer Hack on Website in 2018

One of the most infamous travel company data breaches in recent times was related to British Airways (BA), who were responsible for losing the payment card details belonging to 185,000 customers.

The most surprising aspect of the breach was that it took months to discover. BA only went on to spot the breach when, ironically, they were responding to a previous breach which had affected 380,000 transactions.

The Information Commissioner’s Office (ICO) didn’t act with any sympathy. They fined BA £183 million for the breach, though that figure is still rising as affected customers receive compensation for having their data exposed.

Hotel Customers Put at Risk by and Expedia Data Breach

In 2020, millions of hotel customers had their payment details leaked after security failings by the software company behind a hotel reservation system. Major companies, such as and Expedia, both used the system, which was found to have no security in place.

This meant that the attack didn’t need to be sophisticated, with data being freely available for anyone who knew where to look.

The data that was exposed stretched back as far as from 2013, and included credit card and CVV numbers, full names, ID numbers and details about customer reservations. As the likes of and Expedia were not directly responsible for the breach, they made a point to direct any queries to the company running the reservation system, Prestige Software.

An Expedia spokesperson said: “We are aware of the report related to a data security incident that Prestige Software/Cloud Hospitality may have experienced. This was not a compromise of Expedia Group’s systems. As such, we are directing any requests for information to Prestige Software/Cloud Hospitality.”

What Will the Future Look Like for Big Travel Companies and Data Breaches?

What Not to Bring on a Plane Along With What is Allowed

Judging by what we’ve learned in this post, it’s easy to see why big travel companies continue to be a target for hackers and cyber-criminals. A combination of large amounts of data, poor cyber security, high profits and a poor track record all ensure that they’re always going to be on the radar.

There’s a hope that the sheer volume of attacks will lead to better security practices moving forwards – though it’s difficult to say whether this will prove to be the case until at least a few more years have passed.

What are your thoughts? Leave a comment below so we can extend the discussion even further!

You Might Also Like