EasyJet has revealed that the personal details of nine million customers was accessed in a “highly sophisticated” cyber-attack on the airline.
EasyJet said that email addresses and travel details were accessed and all customers affected will be contacted in the coming days. No passport details were uncovered.
The company said it had engaged leading forensic experts to investigate the issue. It has also notified the Information Commissioner’s Office and the National Cyber Security Centre.
The breach is one of the largest to affect any company in the UK and raises the possibility of easyJet that is already under severe financial pressure due to the corona crisis paying a large fine.
British Airways was fined £183m after hackers stole the personal information of half a million customers.
“However, on the recommendation of the ICO, we are communicating with the approximately 9m customers whose travel details were accessed to advise them of protective steps to minimise any risk of potential phishing.
“We are advising customers to continue to be alert as they would normally be, especially should they receive any unsolicited communications.
“We also advise customers to be cautious of any communications purporting to come from easyJet or easyJet Holidays.”
Johan Lundgren, easyJet chief executive, added: “We take the cyber security of our systems very seriously and have robust security measures in place to protect our customers’ personal information. However, this is an evolving threat as cyber attackers get ever more sophisticated.