easySim.global mobile provider reports data breach

easySim.global, a mobile provider linked to the Stelios-branded easy® family (including easyJet and easyCar), is reporting a data breach in which customer information was compromised.

The breach occurred on August 5, 2024, at 1:22 PM, when a hacker exploited a vulnerability in one of the company's servers, gaining unauthorized access to their database.

The company’s co-founder, Richard Gwilliam, expressed deep regret over the incident, attributing it to human error during work on a development system. EasySim.global rectified the server vulnerability and has since taken additional security measures to prevent future incidents. The company has self-reported the breach to the UK’s Information Commissioner’s Office (ICO), which conducted an investigation and decided not to take formal regulatory action due to the small scale of the breach and the remedial measures implemented by easySim.global.

The breach exposed the following customer information:

• Names
• Email addresses
• Phone numbers (in a very small number of cases)

easySim claims that no passwords, financial data, or other sensitive information were compromised. The company has confirmed that they do not store customer payment details, ensuring that financial data remained secure.

The number of affected individuals is not disclosed. The hacker, identified as "Anton Green," has reportedly contacted some of the affected customers directly. easySim.global has advised those who receive such communications to forward them to their support team.