EasyJet (EZJ.L) has confirmed it has been the target of a cyber attack in which the records of around nine million customers were accessed by hackers.
The company advised customers to be “extra vigilant” amid widespread
The airline said they had been targeted by a “highly sophisticated source,” which had gained access to the email addresses and travel details of millions of passengers.
The credit card details of 2,208 customers were also accessed by the hacker, but easyJet said no other credit card details had been compromised and no passport details were accessed.
EasyJet said: “There is no evidence that any personal information of any nature has been misused.”
Action has already been taken to contact those customers whose credit card details were accessed and the other nine million affected customers will be contacted in the next few days, according to the company. Affected customers will be notified no later than 26 May, easyJet said.
The airline said: “We are advising customers to continue to be alert as they would normally be, especially should they receive any unsolicited communications. We also advise customers to be cautious of any communications purporting to come from easyJet or easyJet Holidays.”
EasyJet apologised to passengers, and said the airline would continue to invest to “further enhance their security environment.”
EasyJet CEO Johan Lundgren added: “We take the cyber security of our systems very seriously and have robust security measures in place to protect our customers' personal information. However, this is an evolving threat as cyber attackers get ever more sophisticated.
“Since we became aware of the incident, it has become clear that owing to COVID-19 there is heightened concern about personal data being used for online scams.
“As a result, and on the recommendation of the ICO, we are contacting those customers whose travel information was accessed and we are advising them to be extra vigilant, particularly if they receive unsolicited communications.
“Every business must continue to stay agile to stay ahead of the threat. We will continue to invest in protecting our customers, our systems, and our data.
“We would like to apologise to those customers who have been affected by this incident.”
The Information Commissioner's Office (ICO) said: “We have a live investigation into the cyber attack involving easyJet
“People have the right to expect that organisations will handle their personal information securely and responsibly. When that doesn’t happen, we will investigate and take robust action where necessary.
“Anyone affected by data breaches needs to be particularly vigilant to possible phishing attacks, and scam messages. We have published advice on our website about how to spot potential phishing emails.”
Watch the latest videos from Yahoo Finance UK