Without revealing the identity of the suspected hackers, British budget airline easyJet said that names, email addresses and travel details of approximately 9 million of its customers were accessed after it became the target of an attack from a “highly sophisticated” source.
While easyJet started notifying some customers about the attack in April, it has now started notifying other customers in light of the increased risk of phishing emails since the outbreak of COVID-19, the company said. The affected customers will be notified no later than May 26, it added. The company also revealed that credit card details of 2,208 customers were accessed by the attacker.
According to a report in BBC, easyJet became aware of the attack in January.
“As soon as we became aware of the attack, we engaged forensic experts to investigate the issue and notified the National Cyber Security Centre. We also notified the Information Commissioner’s Office (ICO),” the company said. “There is no evidence that any personal information of any nature, including credit card data, has been misused,” it added.
Travel details that were accessed include names, email addresses, origin airport and destination, and departure date. “It does not include financial details and passport information. These were not accessed,” the company said.
The airline said that it became the target of a highly sophisticated attacker and it took time for the company to understand the scope of the attack and to identify who had been impacted.
“We’ve shut out the attacker and bolstered our defences to further enhance our systems security,” it added. “We are advising customers to continue to be alert as they would normally be, especially should they receive any unsolicited communications. We also advise customers to be cautious of any communications claiming to be from easyJet or easyJet holidays,” the airline said.