Mobile provider easySim.global, which is part of the Stelios-linked easy® family of brands (easyJet, easyCar etc.) and offers low cost travel data (mobile broadband) to use all around the world via eSIM, has informed customers that they recently suffered a data breach after their database was “accessed remotely by a hacker“.
The incident itself appears to have occurred after the hacker(s) gained unauthorised access to one of the company’s servers on 5th August 2024 at 1:22pm due to an unspecified “server vulnerability“, although customers affected by the hack have only this week started to receive an email notification about the event.
The good news is that no security (passwords etc.) or financial data was compromised, but customer names and email addresses were exposed. In addition, in a “very small number of cases“, this is also said to have included customer phone numbers. One of ISPreview’s readers (Upminster309) has kindly posted a copy of the email they received on Tuesday of this week (here), which we’ve published below.
Interestingly, the email reveals that the hacker has then gone on to contact a number of the affected customers and that easySim.Global have already self-reported the data breach to the UK’s Information Commissioners Office (ICO) for further investigation, which could potentially result in a financial penalty further down the line. But the ICO typically take quite a long time to investigate such incidents.
Copy of easySIM’s Customer Email
Dear xxx,
It has come to light that our customer database was accessed remotely by a hacker late yesterday, and a small amount of customer data has been compromised.
We regret to inform you that the following data has been exposed in the data breach:
Your name
Your email addressWe would like to apologise sincerely for this data breach, caused by a vulnerability on one of our servers, which has now been rectified.
We would like to confirm that no other data has been exposed, such as your phone number, account password or payment details. Please be aware that we do not store customer payment details on our systems at any time. Furthermore, the hacker has no way of accessing your easySim.global account, your phone or eSIM, all of which continue to be safe to use.
However, the hacker, who has so far used the name Anton Green and has contacted some of our affected customers. If this happens, please forward any email to support@easysim.global immediately.
The Information Commissioners Office (ICO) has been notified and we are doing everything possible to inform affected customers. Please see the statement on our website, with details of the extent of the breach and the action we have taken. We continue to protect the integrity of our systems and would like to apologise again for any inconvenience and distress caused by this data breach.
If you need any further information, please contact us at support@easysim.global or call us on +44 (0)23 9277 8833 and press option 4 to leave and message and we will call you straight back.
Best regards
Richard Gwilliam
Director
easySim.global
EasySim.global has also posted a statement on their website, which appears to have been published the day after the event itself occurred, and largely echoes the above email. The company also confirms that only those affected by the data breach will be receiving an email about it.