EasyJet admitted that it has been a target of a cyberattack from a highly sophisticated source. It first learned of the attack in January 2020. The European airline stated that the threat actors accessed the email addresses and travel details of more than nine million customers. However, the company clarified that out of the nine million affected customers, only 2,200 customers’ credit card details were compromised.
In an official statement, the airline stated that it informed the U.K.’s privacy watchdog, the Information Commissioner’s Office (ICO), and also the National Cyber Security Centre (NCSC) about the incident
While the investigation is ongoing, Easyjet stated that there is no evidence of any misuse of customer information. EasyJet urged its customers to change passwords, monitor their credit card accounts, and be vigilant of any phishing emails.
“We are communicating with the approximately 9 million customers whose travel details were accessed to advise them of protective steps to minimize any risk of potential phishing. We are advising customers to continue to be on alert as they would normally be, especially should they receive any unsolicited communications. We also advise customers to be cautious of any communications purporting to come from EasyJet or EasyJet Holidays,” Easyjet said in a statement.
EasyJet’s Chief Executive Officer, Johan Lundgren, said, “We take the cybersecurity of our systems very seriously and have robust security measures in place to protect our customers’ personal information. However, this is an evolving threat as cyber attackers get ever more sophisticated. Since we became aware of the incident, it has become clear that owing to COVID-19 there is heightened concern about personal data being used for online scams.”
“We are contacting those customers whose travel information was accessed and we are advising them to be extra vigilant, particularly if they receive unsolicited communications,” Lundgren added.