EasyJet has disclosed details of cyber attack from what it has described as a "highly sophisticated" source.
The airline confirmed on Tuesday (19 May) email addresses and travel details belonging to approximately nine million customers were accessed, along with 2,208 customers’ credit card details.
Customers whose credit card details were compromised will be have already been contacted and offered support. Others affected by the attack will be contacted in the next few days – by 26 May at the latest.
EasyJet said while passport details weren’t accessed, on the recommendation of the Information Commissioner’s Office (ICO), it will advise customers of protective steps they can take to guard against any potential phishing exploits.
"We’re sorry this has happened, and we would like to reassure customers that we take the safety and security of their information very seriously," said the carrier in a statement.
"We take issues of security extremely seriously and continue to invest to further enhance our security environment. As soon as we became aware of the attack, we took immediate steps to respond to and manage the incident and engaged leading forensic experts to investigate the issue.
"We also notified the National Cyber Security Centre and the ICO. We have closed off this unauthorised access."
EasyJet chief executive Johan Lundgren added: "We take the cybersecurity of our systems very seriously and have robust security measures in place to protect customers’ personal information. However, this is an evolving threat as cyber attackers get ever more sophisticated.
"Since we became aware of the incident, it has become clear that owing to Covid-19, there is heightened concern about personal data being used for online scams. As a result, and on the recommendation of the ICO, we are contacting those customers whose travel information was accessed and we are advising them to be extra vigilant, particularly if they receive unsolicited communications.
"Every business must continue to stay agile to stay ahead of the threat. We will continue to invest in protecting our customers, our systems, and our data. We would like to apologise to those customers who have been affected by this incident."