Budget airline EasyJet has announced it suffered a “highly sophisticated” hack that led to the leak of personal information on 9 million customers and details of 2,000 credit cards.
Email addresses and travel details of customers were exposed and affected customers will be warned in the coming days, EasyJet said. If not contacted, you’re not affected.
“Our forensic investigation found that, for a very small subset of customers (2,208), credit card details were accessed,” EasyJet said in its announcement. “Action has already been taken to contact all of these customers and they have been offered support.”
The airline said there is no evidence any personal information has been “misused.” It’s notified both the U.K. privacy watchdog, the Information Commissioner’s Office, and the National Cyber Security Centre, a public-facing cybersecurity arm of surveillance agency GCHQ.
No more detail on the nature of the attack, such as when it took place and what systems were exploited, was made available.
EasyJet CEO Johan Lundgren apologized to customers. “This is an evolving threat as cyber attackers get ever more sophisticated,” Lundgren added.
"Since we became aware of the incident, it has become clear that owing to COVID-19 there is heightened concern about personal data being used for online scams. As a result, and on the recommendation of the ICO, we are contacting those customers whose travel information was accessed and we are advising them to be extra vigilant, particularly if they receive unsolicited communications.”
As for what customers can do, EasyJet added: “We are advising customers to continue to be alert as they would normally be, especially should they receive any unsolicited communications. We also advise customers to be cautious of any communications purporting to come from easyJet or easyJet Holidays.”