INDEX / DIRECTORY / EASYJET / V-DIG

Easyjet V-DIG

DIGITAL INFRASTRUCTURE AUDIT UPDATED 2026-05-18
V-DIG Score 3.00 /10 E Easyjet — BDS-1000 194
V-DIG 3.00

Evidence-only forensic audit. Scoring happens downstream — see the main dossier for the composite assessment.

V-DIG Audit: EasyJet Plc

Audit Phase: V-DIG Domain Audit Target Entity: EasyJet Plc (LSE: EZJ) Registered Address: Hangar 89, London Luton Airport, Luton, Bedfordshire, LU2 9PF, United Kingdom Audit Date: May 2026

Enterprise Technology Stack & Vendor Relationships

Israeli-Origin Software and Services

CyberArk — Privileged Access Management & Endpoint Privilege Manager

EasyJet’s use of CyberArk is the most extensively evidenced Israeli-origin technology relationship in this audit. Job postings published circa 2024 for a “Platform Engineering Specialist – Identity and Access Management” based at Luton explicitly require hands-on CyberArk PAM experience, listing responsibilities that include designing, building, and maintaining the CyberArk-based IDAM platform alongside Microsoft Entra ID 12. A contributor self-identified as an Enterprise Architect for Information Security at EasyJet provided a detailed product review of CyberArk Endpoint Privilege Manager (EPM) on PeerSpot, describing its deployment across the corporate endpoint fleet 3. CyberArk was founded by Udi Mokady and Alon N. Cohen; the company maintains primary R&D operations in Israel and is incorporated under Israeli law, as documented in its SEC 20-F filings 4. The 2024 job postings indicate this is a current, ongoing relationship embedded at the core identity and access control layer — governing administrative credential vaulting and endpoint privilege management across EasyJet’s corporate infrastructure.

SentinelOne — Endpoint Detection and Response / Managed Detection and Response

EasyJet is listed as a customer of SentinelOne’s “Vigilance” managed EDR (MDR) service on a PeerSpot vendor comparison page 5. SentinelOne was co-founded by Israeli technologists Tomer Weingarten and Almog Cohen and maintains substantial R&D operations in Israel, as documented in its SEC S-1 filing 6. The Vigilance service, if current, would constitute an outsourcing of 24/7 SOC-level monitoring to the vendor — a significant operational dependency. Ongoing contract status as of 2025 is unconfirmed: EasyJet’s 2025 Annual Report does not name specific cybersecurity vendors 7, and the PeerSpot listing carries no date of publication.

Verint Systems — Workforce Optimisation / Speech Analytics

The Sabio Group press release confirms EasyJet contracted Sabio to upgrade its Operational Service Desk to Avaya Aura Communication Manager, and that Sabio explicitly provides support for Avaya, Nuance, and Verint technologies as integrated platforms within this deployment 8. Industry directories from 2015 and circa 2017–2019 list EasyJet as a Verint workforce optimisation customer 910. Verint was spun out of Comverse Technology, a company with documented origins in Israeli SIGINT technology; Verint’s SEC 10-K filings confirm its Israeli R&D centres and corporate history 11. The deployment is confirmed via integrator relationship rather than direct Verint procurement. Post-2020 primary source confirmation of active Verint modules at EasyJet is not available; the directory listings are partially pre-2020 and should be treated as indicative rather than definitive of current deployment.

Check Point Software Technologies

Check Point has published threat intelligence and case studies referencing the EasyJet 2020 breach as an illustrative example of aviation-sector vulnerabilities 12, and Check Point executives publicly commented on the aviation sector cyberattack environment following a September 2025 incident affecting European airports 1314. Check Point is Israeli-founded and headquartered in Tel Aviv 15. No direct evidence of EasyJet licensing Check Point firewall, endpoint, or network security products has been identified. Source classes checked include corporate filings, job postings, press releases, and trade press. Relationship status: no public evidence of direct product deployment identified; referenced in threat intelligence context only.

Wiz — Cloud Security Posture Management

Quinn Emanuel Urquhart & Sullivan LLP’s trade secret litigation practice area page lists both EasyJet and Wiz among its representative clients 16. This reflects shared legal representation, not a technology procurement relationship. No public evidence of EasyJet licensing or deploying Wiz software has been identified. Wiz is an Israeli-founded company acquired by Alphabet/Google for $32 billion (announced March 2025) 4. Relationship status: no procurement relationship evidenced.

Palo Alto Networks; Claroty; NICE; Akamai

No public evidence of EasyJet licensing products from Palo Alto Networks, Claroty, NICE Systems, or Akamai has been identified. Source classes checked: corporate filings, job postings, press releases, and trade press.

Non-Israeli Core Vendors and Integrators

EasyJet’s confirmed principal technology partners outside the Israeli-origin category include:

No public evidence that TCS, Sabio, or other confirmed integrators mandated or recommended Israeli-origin technology as a specific programme requirement, beyond the Sabio/Verint bundling noted above 8.

Surveillance, Biometrics & Retail Technology

Facial Recognition and Biometric Passenger Processing

In May 2018, EasyJet and Gatwick Airport jointly launched what was described as the UK’s first trial of end-to-end biometric passenger processing 242526. The system captured live facial images at self-service bag drops and boarding gates, matching them against the digital photograph stored in passengers’ biometric e-passports and against the airline’s flight manifest 2425. This was a joint initiative between the airline and the airport operator, not solely an EasyJet-driven technology deployment.

Materna IPS is documented as a supplier of automated passenger handling and biometric identification systems to EasyJet at the check-in, bag drop, and boarding stages 22. Materna IPS is a German company; no Israeli corporate origin has been identified.

Gatwick Airport subsequently invested in permanent biometric e-gate infrastructure ahead of FTE Global 2019, citing the EasyJet trial outcomes 27. Hardware vendors cited in that context include NEC and Vision-Box (a Portuguese company); neither is Israeli-origin 27.

SITA (Swiss-registered, globally owned aviation IT consortium) provides passenger processing and digital identity frameworks to the aviation sector including EasyJet 28. SITA’s published “Biometric Digital Identity Prism” reports — covering both travel and hospitality and government services — reference Oosto (formerly AnyVision) as a vendor within the broader biometric identity ecosystem 2829. Oosto/AnyVision is an Israeli facial recognition company documented as having been used in West Bank checkpoint surveillance systems, as reported in a 2021 NBC News investigation 30. However, no direct public evidence has been identified that EasyJet’s specific Gatwick biometric gates or any other EasyJet deployment uses Oosto/AnyVision algorithms. The SITA Prism reports describe the market landscape and vendor ecosystem rather than EasyJet-specific configurations. The potential Oosto/AnyVision vector, if real, would be indirect — routed through SITA’s platform — rather than direct EasyJet procurement. This remains an unconfirmed supply-chain risk rather than a confirmed finding.

European Commission research documents on next-generation no-gate crossing point solutions are relevant to the broader technological context within which EasyJet’s biometric trials sit 31, though they do not name EasyJet’s specific vendors.

Predictive Analytics and Workforce Monitoring

No public evidence has been identified of EasyJet deploying Israeli-origin predictive policing tools, social media sentiment monitoring, or employee surveillance platforms beyond the Verint contact centre deployment described under Enterprise Technology Stack. No public evidence of BriefCam, Trigo, Trax, or gait analysis technologies has been identified in connection with EasyJet.

Third-Party and Mediated Deployments

The Verint workforce optimisation deployment reaches EasyJet indirectly via Sabio as managed integrator within a bundled Avaya/Verint platform rather than through direct Verint procurement 8. The potential Oosto/AnyVision vector, if real, would also be indirect via SITA’s Smart Path platform rather than direct EasyJet procurement 2829.

Cloud Infrastructure, Data Residency & Sovereign Cloud Participation

Data Centre Presence in Israel

No public evidence has been identified that EasyJet operates, leases, or co-locates data centre infrastructure within Israel. Source classes checked: annual reports 715, corporate filings, press releases, and AWS partner documentation.

AWS and Project Nimbus

EasyJet is a confirmed AWS customer, using AWS to host applications and to run Databricks analytics workloads 181921. AWS is one of two cloud providers (alongside Google Cloud) awarded the Project Nimbus contract with the Israeli government and Ministry of Defence, a sovereign cloud agreement valued at approximately $1.2 billion 32. No Tech for Apartheid campaigners and The Guardian have documented the scope of this contract and organised protests at Google and Amazon 33, focusing on the contracting companies as direct participants rather than their commercial customers.

No public evidence has been identified that EasyJet participates directly in Project Nimbus, routes workloads through the AWS Israel (Tel Aviv) region, or holds any sub-contract or government-facing role within that programme. EasyJet’s documented AWS usage relates to European operations, SD-WAN routing, and commercial data analytics 1819. The relationship is structural and indirect: EasyJet’s AWS expenditure contributes to AWS’s global commercial revenues, which fund AWS’s capacity to pursue sovereign defence cloud contracts, but no direct contractual linkage is evidenced 3233.

AWS region selection for individual commercial customers is not publicly disclosed, so the question of whether EasyJet’s workloads traverse the Israel region cannot be resolved from publicly available sources.

Data Sovereignty and Resilience Services

No public evidence has been identified that EasyJet provides or markets data sovereignty or infrastructure resilience services to Israeli state institutions or military bodies. EasyJet operates as an airline and does not publicly position itself as a cloud or technology service provider.

Defence, Intelligence & Security Sector Technology Relationships

Military and Intelligence Contracts

No public evidence has been identified of EasyJet holding contracts, partnerships, or service agreements with the Israeli Ministry of Defence, the Israel Defense Forces (IDF), or Israeli intelligence agencies (Mossad, Shin Bet, Unit 8200, or affiliated organisations).

Dual-Use Technology Provision

No public evidence has been identified that EasyJet’s commercial technology has been reported or confirmed as deployed for military, intelligence, or law enforcement surveillance within Israel or the occupied Palestinian territories.

The Verint deployment noted in the Enterprise Technology Stack section involves technology with documented dual-use origins — Verint’s parent company Comverse had roots in Israeli SIGINT and lawful interception technology, and Verint itself markets lawful intelligence products alongside its commercial workforce optimisation suite 11. However, no evidence has been identified that EasyJet’s specific Verint deployment — described as contact centre analytics and workforce optimisation via the Sabio/Avaya platform 8 — has been operationalised for any state surveillance purpose.

The September 2025 cyber incident involving Collins Aerospace disrupted check-in and operational systems at multiple European airports 131434. Public reporting identified Heathrow, Berlin, and Brussels among the affected airports. EasyJet operates at multiple affected locations, but public reporting does not confirm EasyJet-specific operational disruption arising from Israeli-linked technology vectors. Check Point executives were quoted in media coverage of this incident in their capacity as industry commentators 1314, not as EasyJet technology suppliers.

Offensive Cyber and Weapons Technology

No public evidence has been identified. EasyJet is not a cybersecurity vendor or weapons developer and has no disclosed role in offensive technology programmes.

AI, Algorithmic & Autonomous Systems

AI and Machine Learning Deployments

EasyJet has invested substantially in AI-driven operational management, with public reporting and vendor case studies describing the management of approximately 2,000 daily flights using AI tools covering dynamic pricing, crew scheduling, route optimisation, and maintenance prediction 21. These are internal commercial applications directed at operational efficiency and revenue management.

TCS’s case study describes processing more than 30 years of historical passenger and operational data to build predictive analytics models, with EasyJet’s data hub hosted on Databricks on AWS 172021. Databricks’ Lakebase architecture supports these workloads following EasyJet’s consolidation of over 100 Git repositories 1920.

AI Provision to State Bodies

No public evidence has been identified that EasyJet has provided, licensed, or sold AI models, training datasets, or algorithmic systems to Israeli state, military, or intelligence bodies. EasyJet’s AI deployments are documented exclusively as internal commercial tools 1721.

Training Data and Model Development

EasyJet’s TCS partnership involved processing historical passenger and operational data to build predictive models 17. No public evidence has been identified that this data or these models have been shared with or used to train models deployed by Israeli state or military bodies.

SentinelOne Vigilance, as a managed EDR service, collects endpoint telemetry from EasyJet’s network and processes it through SentinelOne’s cloud backend 56. SentinelOne’s S-1 filing acknowledges that its AI detection models are trained on aggregated telemetry from its global customer base 6. This is a standard commercial arrangement disclosed in SentinelOne’s public filings; no evidence has been identified of specific data flows from EasyJet to Israeli military or intelligence consumers, or of EasyJet’s telemetry being used to develop capabilities for Israeli state use.

ENISA’s Threat Landscape 2021 addresses the broader cyber threat environment facing aviation operators including EasyJet, but does not describe EasyJet-specific AI deployments or Israeli technology relationships 35.

Autonomous Systems and Lethal Autonomy

No public evidence has been identified. EasyJet operates commercial passenger aviation and has no disclosed involvement in autonomous weapons, drone programmes, or lethal autonomous systems.

Technology Ecosystem & R&D Footprint

Israeli R&D Centres and Offices

No public evidence has been identified that EasyJet operates R&D facilities, engineering offices, innovation labs, or accelerator programmes within Israel. EasyJet’s principal technology hubs are documented at Luton (headquarters), London, and through its European airport network. Source classes checked: annual reports 715, press releases, and publicly available corporate records.

Acquisitions and Strategic Investments

No public evidence has been identified of EasyJet acquiring Israeli-origin technology companies or making strategic investments in Israeli technology startups or venture funds. EasyJet’s M&A activity has been airline-focused (routes, slots, and operational assets). Source classes checked: annual reports, press databases, and Companies House filings.

Patents and Intellectual Property

No public evidence has been identified of co-development arrangements or licensing agreements between EasyJet and Israeli-domiciled entities or Israeli research institutions (including the Technion, Hebrew University, Weizmann Institute, or Ben-Gurion University). Source classes checked: USPTO, EPO, and UK IPO patent databases searched by entity name, and academic partnership registers.

R&D Partnerships and Innovation Programmes

EasyJet’s documented innovation partnerships are with European and global commercial vendors — TCS, Databricks, Cisco ThousandEyes, Sabio, and Materna IPS — with no Israeli-domiciled research or technology development partner identified in public sources 1718192022.

Civil Society Scrutiny & Regulatory History

NGO and Academic Reports

No NGO investigations, UN reports, or academic studies specifically addressing EasyJet’s technology relationships with the Israeli state have been identified. The “No Tech for Apartheid” campaign, documented in The Guardian in April 2024, targets Google and Amazon as direct Project Nimbus contractors and does not identify EasyJet as a downstream customer of concern 33. The UC Berkeley eScholarship paper on transportation ecosystem cybersecurity references EasyJet solely in the context of the 2020 data breach as a case study in aviation-sector vulnerability, with no Israeli technology nexus discussed 12. The ENISA Threat Landscape 2021 similarly situates EasyJet within the general threat environment rather than any technology-specific geopolitical analysis 35.

Boycott, Divestment and Sanctions Campaigns

No public evidence has been identified of organised boycott, divestment, or sanctions (BDS) campaigns specifically targeting EasyJet for technology provision to Israeli state entities. Source classes checked: BDS Movement publications, Palestine Solidarity Campaign (UK) press releases, Stop the Wall, Who Profits database, and general news databases.

ICO Investigation and Penalty (2020–2022)

In May 2020, EasyJet publicly disclosed a data breach in which approximately 9 million customers’ personal data was accessed, along with the credit card details of approximately 2,200 customers 3637. The UK Information Commissioner’s Office (ICO) investigated and issued a £2.5 million penalty notice in October 2022 for violations of the UK GDPR and the Data Protection Act 2018, finding that EasyJet had failed to implement adequate security measures 383940. The ICO’s penalty notice sets out in detail the nature of the security failures identified 39. This regulatory action concerns data security governance failures; it has no identified connection to Israeli technology relationships.

Group Litigation Order and Class Action Proceedings

A Group Litigation Order (GLO) was certified in UK courts in 2020 covering approximately 9 million affected customers, with reported potential aggregate liability of up to £18 billion 41. As of the 2025 Annual Report, this litigation remained ongoing 7. The proceedings concern the data breach and EasyJet’s data protection obligations; no Israeli technology nexus has been identified in the public litigation record.

Export Control, Sanctions and Technology-Specific Regulatory Actions

No export control enforcement actions, sanctions-related investigations, or regulatory inquiries concerning EasyJet’s technology sales or services to Israeli state entities have been identified. No debarment, watchlist placement, or compliance proceedings of this nature appear in public records.

End Notes

Footnotes

  1. https://www.cybersecurityjobsite.com/job/5505133/platform-engineering-specialist-identity-and-access-management/

  2. https://www.totaljobs.com/job/platform-engineering-specialist-identity-and-access-management/easyjet-airline-company-limited-job106767513

  3. https://www.peerspot.com/questions/what-advice-do-you-have-for-others-considering-cyberark-endpoint-privilege-manager

  4. https://www.reuters.com/technology/cybersecurity/alphabet-buy-wiz-32-billion-2025-03-18/ 2

  5. https://www.peerspot.com/products/comparisons/secureresponse_vs_sentinelone-vigilance 2

  6. https://www.sec.gov/Archives/edgar/data/1562207/000162828021013192/s-120210517.htm 2 3

  7. https://s203.q4cdn.com/522538739/files/doc_financials/2025/q4/easyJetARA25_DIGITAL_sm.pdf 2 3 4

  8. https://sabiogroup.com/news/easyjet-selects-sabio-for-avaya-upgrade-and-technology-support/ 2 3 4 5

  9. https://www.contactbabel.com/wp-content/uploads/2017/08/UK-Contact-Centre-Decision-Makers-Guide-2015-13th-edition-v6.pdf

  10. https://issuu.com/forum_events/docs/eventguide_cccs_sept_pages

  11. https://www.sec.gov/cgi-bin/browse-edgar?action=getcompany&CIK=0001166388&type=10-K&dateb=&owner=include&count=40 2

  12. https://escholarship.org/content/qt5t76p2sk/qt5t76p2sk.pdf 2

  13. https://www.ampcuscyber.com/shadowopsintel/collins-aerospace-hack-ripples-across-europe/ 2 3

  14. https://techhq.com/news/heathrow-berlin-brussels-airports-disrupted-by-check-in-breach/ 2 3

  15. https://s203.q4cdn.com/522538739/files/doc_financials/2024/ar/easyjet-annual-report-2024.pdf 2 3

  16. https://www.quinnemanuel.com/practice-areas/trade-secret-litigation/

  17. https://www.tcs.com/what-we-do/industries/travel-and-logistics/case-study/easyjet-partnership-driving-data-led-transformation 2 3 4 5

  18. https://www.thousandeyes.com/resources/easyjet-case-study 2 3 4

  19. https://www.databricks.com/blog/databricks-lakebase-generally-available 2 3 4 5

  20. https://www.databricks.com/blog/booking-bon-voyage-how-ai-redefining-travel-hospitality-experience 2 3 4

  21. https://www.databricks.com/customers/easyjet 2 3 4 5

  22. https://www.airport-technology.com/contractors/baggage/materna/ 2 3

  23. https://www.airport-technology.com/features/easyjet-ground-handling-operations-gatwick-airport-dhl/

  24. https://www.futuretravelexperience.com/2018/05/gatwick-airport-easyjet-launch-biometric-technology-trial/ 2

  25. https://www.internationalairportreview.com/news/69387/garwick-easyjet-end-end-biometrics/ 2

  26. https://www.airport-technology.com/news/gatwick-airport-launch-first-trial-biometrics-technology/

  27. https://www.biometricupdate.com/201908/gatwick-reveals-major-investment-in-biometric-e-gates-ahead-of-fte-global-2019 2

  28. https://www.sita.aero/globalassets/docs/other/prism-report-travel-and-hospitality.pdf 2 3

  29. https://www.sita.aero/globalassets/docs/other/biometric-digital-identity-govt-services-prism-report.pdf 2

  30. https://www.nbcnews.com/tech/tech-news/microsoft-backed-facial-recognition-firm-quietly-surveils-west-bank-palestinians-n1252178

  31. https://ec.europa.eu/research/participants/documents/downloadPublic?documentIds=080166e5cef1aa0f&appId=PPGMS

  32. https://www.theguardian.com/technology/2022/apr/12/google-amazon-project-nimbus-israel-military-contract 2

  33. https://www.theguardian.com/technology/2024/apr/17/no-tech-for-apartheid-google-amazon-workers-protest-project-nimbus 2 3

  34. https://www.cio.inc/easyjet-embraces-ai-technology-to-manage-2000-flights-daily-a-25375

  35. https://www.enisa.europa.eu/sites/default/files/publications/ENISA%20Threat%20Landscape%202021.pdf 2

  36. https://www.theregister.com/2020/05/19/easyjet_hack_9million_2000_credit_cards/

  37. https://thehackernews.com/2020/05/easyjet-data-breach-hacking.html

  38. https://ico.org.uk/action-weve-taken/enforcement/easyjet-plc/

  39. https://ico.org.uk/media/action-weve-taken/enforcement/easyjet-plc/4024005/easyjet-plc-penalty-notice.pdf 2

  40. https://www.theguardian.com/business/2022/oct/25/easyjet-fined-ico-data-breach

  41. https://www.bbc.co.uk/news/technology-53556752