EasyJet has revealed that the personal details of nine million customers have been accessed by “highly sophisticated” hackers.
The discount airline – currently mired by the grounding of flights because of the coronavirus crisis and a leadership tussle led by its founder – said it was to notify those affected in the next few days.
It stressed there was no evidence that data had been misused by criminals.
It believed that the email addresses and travel details of nine million people were exposed along with the credit card details of just over 2,200 customers.
EasyJet said other than those people, the passport and credit card details of the balance were not accessed and it had closed the online channels affected by the attack.
It was yet to confirm when the incident was identified and how long it had lasted.
The statement said: “There is no evidence that any personal information of any nature has been misused, however .. we are communicating with the approximately 9 million customers whose travel details were accessed to advise them of protective steps to minimise any risk of potential phishing.”
It added: “We’re sorry that this has happened, and we would like to reassure customers that we take the safety and security of their information very seriously.
“EasyJet is in the process of contacting the relevant customers directly and affected customers will be notified no later than 26th of May.”
The company said it was working with the Information Commissioner’s Office (ICO) and National Cyber Security Centre.