Travel details and email addresses of around nine million easyJet customers have been accessed through a “highly sophisticated” cyber hack, according to the airline.
In a statement on Tuesday (May 19, 2020), the budget carrier said the credit card details of a further 2,208 people had been accessed, but added there was “no evidence” of the data being misused.
Passport details are not believed to have been touched.
Those who have had their data accessed will be contacted in the next few days after a “forensic” investigation uncovered the breach.
They have been advised to “continue to be alert as they would normally be”, but even more so if they should receive any unsolicited communications.
It encouraged extra caution to be given to any messages received that purport to be from easyJet or easyJet holidays.
The company’s chief executive Johan Lundgren apologised for the incident in a brief statement, and said it highlighted the need for businesses to “stay agile to stay ahead of the threat.”
He added: “Since we became aware of the incident, it has become clear that owing to COVID-19 there is heightened concern about personal data being used for online scams.”
The National Cyber Security Centre and the Information Commissioner’s Office (ICO) has been made aware of the breach, and advised for anyone affected to be contacted.
The hack comes at a bad time for the aviation industry, which has been gutted by the coronavirus pandemic.
UK-based easyJet has already made the decision to ground all its flights “until further notice” due to it becoming increasingly difficult to ensure the safety of passengers and crew.
The last large-scale data hack of a British airline was that of British Airways in 2018, when the data of hundreds of thousands of passengers were accessed.
It is now facing a possible £183m (€204m) fine.
