In a ‘highly sophisticated’ cyber attack hackers access email addresses, travel details and a small number of credit card details of easyJet customers. Tony McDonough reports
Low-cost airline easyJet has fallen victim to a “highly sophisticated” cyber attack, exposing the email addresses and travel details of around 9m customers.
And the carrier, which operates more than 30 routes out of Liverpool John Lennon Airport, said a forensic investigation found that, for “a very small subset of customers” (2,208), credit card details were accessed.
All the customers affected will be contacted in the next few days and easyJet has closed off the unauthorised access and has notified the Information Commissioner’s Office (ICO) and the National Cyber Security Centre.
In a statement to the stock exchange, the company said: “There is no evidence that any personal information of any nature has been misused. However, on the recommendation of the ICO, we are communicating with the approximately 9m customers whose travel details were accessed to advise them of protective steps to minimise any risk of potential phishing.
“We are advising customers to continue to be alert as they would normally be, especially should they receive any unsolicited communications. We also advise customers to be cautious of any communications purporting to come from easyJet or easyJet Holidays.”
Johan Lundgren, easyJet chief executive, added: “We take the cyber security of our systems very seriously and have robust security measures in place to protect our customers’ personal information. However, this is an evolving threat as cyber attackers get ever more sophisticated.
“Since we became aware of the incident, it has become clear that owing to COVID-19 there is heightened concern about personal data being used for online scams. As a result, and on the recommendation of the ICO, we are contacting those customers whose travel information was accessed and we are advising them to be extra vigilant, particularly if they receive unsolicited communications.”