Easyjet has revealed details of a “highly sophisticated
cyber-attack” that has affected around 9 million of its customers, according to
a statement.
The airline said email addresses and travel details had been
stolen, while 2,208 customers have had their credit card information “accessed”
by hackers. The company has informed the UK’s Information Commissioner’s Office (ICO) of the attack and is investigating the breach.
According to the BBC, Easyjet became aware of the attack in
January but was only able to notify customers whose credit card details were
compromised in early April.
In a statement, the carrier, which is currently not
operating any flights due to the Covid-19 pandemic, said: “We take issues of
security extremely seriously and continue to invest to further enhance our
security environment.
“There is no evidence that any personal information of any
nature has been misused, however, on the recommendation of the ICO, we are
communicating with the approximately 9 million customers whose travel details
were accessed to advise them of protective steps to minimise any risk of
potential phishing.
“We are advising customers to be cautious of any communications
purporting to come from Easyjet or Easyjet Holidays.”
The airline industry has suffered a number of high-profile
data breaches in recent years, including a 2018 attack on British Airways
involving the personal details of more than half a million customers, for which
the ICO levied a record £183 million fine. Cathay Pacific was fined £500,000 in
the UK for a 2018 breach that affected 9.4 million passengers, including
111,578 from Britain.