EasyJet Data Breach Exposes 9 Million Customers’ Information in Sophisticated Cyberattack

The hackers obtained email addresses and travel details, and in a small number of cases, 2,208 people, the credit card data of passengers, EasyJet said in a statement, adding that all affected customers will be contacted in the coming days, by May 26 at the latest.

EasyJet has already contacted the customers whose credit card data has been compromised. It has also apologized to the people concerned. It assures that it is unable to provide any evidence that the data has been misused.

The company claims that it is a cyberattack carried out from a "highly sophisticated" source, which managed to disrupt unauthorized access to its computer system. EasyJet says it has alerted the National Cyber Security Centre (NCSC), the UK’s cybersecurity organization, as well as the UK data protection regulator (ICO), shortly after the incident.

"Since we became aware of the incident, we have understood that due to COVID-19, there are strong concerns about the use of personal data for online scams," said Johan Lundgren, CEO of the group. In light of these concerns, EasyJet is calling on customers to be vigilant, "especially if they receive unsolicited requests."

The company also intends to look into the dismissal of the management team during a shareholders’ general meeting to be held on Friday.