EASYJET has been targeted in a cyber attack, which has resulted in hackers accessing millions of customers contact and travel information.
The airline, which has currently grounded all of its flights in response to the coronavirus pandemic, said it has now blocked the unauthorised access. A company investigation found that the email address and travel details of about 9million customers were accessed. The hackers also accessed the credit card details of more than 2,000 customers.
The company said it had engaged leading forensic experts to investigate the issue.
It has also notified the Information Commissioner’s Office and the National Cyber Security Centre.
Easyjet said there is currently no evidence the information has been misused and said all customers affected will be contacted in the coming days.
The budget airline said in a statement: “There is no evidence that any personal information of any nature has been misused.
“However, on the recommendation of the ICO, we are communicating with the approximately 9m customers whose travel details were accessed to advise them of protective steps to minimise any risk of potential phishing.
“We are advising customers to continue to be alert as they would normally be, especially should they receive any unsolicited communications.
“We also advise customers to be cautious of any communications purporting to come from easyJet or easyJet Holidays.”
Johan Lundgren, easyJet chief executive, added: “We take the cyber security of our systems very seriously and have robust security measures in place to protect our customers personal information. However, this is an evolving threat as cyber attackers get ever more sophisticated.
“Since we became aware of the incident, it has become clear that owing to COVID-19 there is heightened concern about personal data being used for online scams.
“As a result, and on the recommendation of the ICO, we are contacting those customers whose travel information was accessed and we are advising them to be extra vigilant, particularly if they receive unsolicited communications.”