EasyJet reveals cyber-attack exposed 9m customers' details

Airline apologises after credit card details of about 2,200 passengers were stolen
Q&A: are you affected and what should you do?

EasyJet has revealed that the personal information of 9 million customers was accessed in a “highly sophisticated” cyber-attack on the airline.

The company said on Tuesday that email addresses and travel details were accessed and it would contact the customers affected.

Of the 9 million people affected, 2,208 had credit card details stolen, easyJet told the stock market. No passport details were uncovered.

Those customers whose credit card details were taken have been contacted, while everyone else affected will be contacted by 26 May.

EasyJet did not immediately give details of how the breach occurred, but said it had “closed off this unauthorised access” and reported the incident to the National Cyber Security Centre and the Information Commissioner’s Office (ICO), the data regulator.

The breach is one of the largest to affect any company in the UK, and raises the possibility of easyJet paying a large fine at a time when the coronavirus pandemic has put it under severe financial pressure.

British Airways was fined £183m in July 2019 after hackers stole the personal information of half a million customers. In the same month, the hotels group Marriott was fined £99.2m for a breach that exposed the data of 339 million customers worldwide.

The ICO recommended easyJet contact everyone affected because of an increased risk of phishing fraud, the airline said.

The ICO’s power to fine companies has increased under the EU’s General Data Protection Regulation.

EasyJet said “there is no evidence that any personal information of any nature has been misused”.

Sign up to the daily Business Today email or follow Guardian Business on Twitter at @BusinessDesk

The easyJet chief executive, Johan Lundgren, said: “We would like to apologise to those customers who have been affected by this incident. Since we became aware of the incident, it has become clear that owing to Covid-19 there is heightened concern about personal data being used for online scams.

“As a result, and on the recommendation of the ICO, we are contacting those customers whose travel information was accessed and we are advising them to be extra vigilant, particularly if they receive unsolicited communications.”

Contributor

Jasper Jolly

The GuardianTramp

Related Content

Article image
BA, Boots and BBC staff details targeted in Russia-linked cyber-attack
Hack attributed to criminal gang hit MOVEit software used by third-party payroll provider Zellis

Dan Milmo Global technology editor

05, Jun, 2023 @6:18 PM

Article image
BA chief pledges to compensate customers after data breach
Álex Cruz apologises for ‘sophisticated’ theft affecting 380,000 payment cards

Sarah Marsh

07, Sep, 2018 @8:09 AM

Article image
JD Sports hit by cyber-attack that leaked 10m customers’ data
Retail group says incident affected shoppers at JD, Size?, Millets, Blacks, Scotts and Millets Sport brands

Mark Sweney

30, Jan, 2023 @11:06 AM

Article image
EasyJet hacking attack: are you affected and what should you do?
The airline has said the personal information of 9 million customers has been compromised

Rupert Jones

19, May, 2020 @1:14 PM

Article image
British Airways data breach: what to do if you have been affected
From which payments have been compromised to future bookings and compensation

Staff and agencies

07, Sep, 2018 @7:55 AM

Article image
How did hackers manage to lift the details of BA customers?
Airline says only information entered within a two-week period was taken

Samuel Gibbs

07, Sep, 2018 @11:53 AM

Article image
Lloyds bank accounts targeted in huge cybercrime attack
Banking group says none of its 20m accounts were hacked or compromised after fending off two-day denial of service attack

Patrick Collinson

23, Jan, 2017 @12:20 PM

Article image
Axa looks at cyber attack insurance policy in UK
Add-on policy sold in France aims to clean up private images and information posted online by hackers

Jill Treanor and Larry Elliott in Davos

25, Jan, 2015 @3:51 PM

Article image
Huge rise in hacking attacks on home workers during lockdown
Cybercriminals are exploiting fears and chaos caused by coronavirus, says security firm

Jasper Jolly

24, May, 2020 @12:42 PM

Article image
BA, Boots and BBC cyber-attack: who is behind it and what happens next?
A cybercrime group has exploited a flaw in MOVEit software and is demanding a ransom

Dan Milmo and Alex Hern

07, Jun, 2023 @1:42 PM