Millions of easyJet passengers had their names, email addresses and travel details breached in a "highly sophisticated" cyber attack, the airline has said. The hackers obtained credit card details of over 2,200 flyers.
Unknown attackers accessed data of roughly 9 million easyJet passengers, the budget airline said on Tuesday. The company "engaged leading forensic experts to investigate the issue" after detecting the "highly sophisticated" attack in January, easyJet chief Johan Lungren said in a statement.
The hackers mostly uncovered names, emails, and travel details of the affected passengers. However, they also stole credit card information of 2,208 customers. EasyJet said that people affected in the credit card breach have already been contacted and the rest of targeted passengers will be contacted in the coming days.
At the same time, they said there was "no evidence" that any of the stolen information had been misused.
Read more: Social-distance flying the new normal?
Fears of a fine
Lungren apologized to customers and said that companies needed to "stay agile to stay ahead of the threat."
He also noted that "owning to COVID-19 there is heightened concern about personal data being used for online scams."
The UK company, like most airlines around the world, was forced to ground most of its fleet due to travel restrictions prompted by the ongoing coronavirus pandemic. The carrier could now face a hefty fine from the British authorities over the hacking, similar to a $230 million (€210 million) penalty imposed by the Information Commissioner's Office (ICO) on British Airways last year. After the flagship carrier was targeted in cyber attack, the ICO said British Airways was responsible for failing to protect the data. The airline is still appealing the decision.
On Tuesday, easyJet said they had been working with the ICO since learning of the attack.
"As a result, and on the recommendation of the ICO, we are contacting those customers whose travel information was accessed and we are advising them to be extra vigilant, particularly if they receive unsolicited communications," Lungren said.
dj/msh (Reuters, AFP, AP)