The personal information of nine million EasyJet passengers has been accessed in a cyber attack from a “highly sophisticated source”.
An investigation from the airline has found email addresses and travel details were obtained during the incident, with the company saying it will contact customers in the next few days.
Just over 2200 people had their credit card details accessed, with action already taken to contact these individuals and offer support.
The airline has notified the National Cyber Security Centre and the Information Commissioner’s Office (ICO) and apologised to affected customers.
Johan Lundgren, chief executive officer of EasyJet, said: “We take the cyber security of our systems very seriously and have robust security measures in place to protect our customers’ personal information.
“However, this is an evolving threat as cyber attackers get ever more sophisticated.
“Since we became aware of the incident, it has become clear that owing to Covid-19 there is heightened concern about personal data being used for online scams.
“As a result, and on the recommendation of the ICO, we are contacting those customers whose travel information was accessed and we are advising them to be extra vigilant, particularly if they receive unsolicited communications.
“Every business must continue to stay agile to stay ahead of the threat. We will continue to invest in protecting our customers, our systems, and our data.
“We would like to apologise to those customers who have been affected by this incident.”