EasyJet has revealed that the personal information of 9 million customers was accessed in a “highly sophisticated” cyber-attack on the airline.
The company on Tuesday disclosed that email addresses and travel details were accessed and said it will contact all of the customers affected.
Of the 9 million people affected, 2,208 had credit card details stolen, easyJet said in a statement to the stock market.
Those customers whose credit card details were taken have already been contacted, while everyone else affected will be contacted in the “next few days”.
The Information Commissioner’s Office, the data regulator, has recommended easyJet contact everyone affected because of an increased risk of phishing fraud.
EasyJet said “there is no evidence that any personal information of any nature has been misused”.
The easyJet chief executive, Johan Lundgren, said: “We would like to apologise to those customers who have been affected by this incident.
“Since we became aware of the incident, it has become clear that owing to Covid-19 there is heightened concern about personal data being used for online scams. As a result, and on the recommendation of the ICO, we are contacting those customers whose travel information was accessed and we are advising them to be extra vigilant, particularly if they receive unsolicited communications.”