EasyJet has admitted that it has been the target of what it calls a ‘highly sophisticated’ cyber attack, which gained access to some personal details and travel information of nine million customers.
The airline says that it had notified the Information Commissioner’s Office (ICO) and the National Cyber Security Centre (NCSC) of the United Kingdom, before disclosing the incident to the public.
According to EasyJet, email addresses and travel details of approximately nine million users were accessed. Passport details were not affected. However, the attack did retrieve credit card details of 2,208 customers.
The UK-based European low-cost carrier further states that it will contact all affected users, whose email addresses and travel information have been exposed.
Update: In emails sent to customers which were obtained by International Flight Network, EasyJet writes that between October 17th and March 4th, names, email addresses, travel details (including route, date and booking code) and value of bookings made, were accessed by the hackers. This information was not published in the company’s initial statement on the matter.
It has not been disclosed how the hackers were able to access the information. “We have closed off this unauthorised access“, EasyJet affirms.
Jakob Wert is an aviation journalist from Germany. He built up the website IFN.news and is the Editor-In-Chief of International Flight Network.