Cyber hackers access details of 9 million EasyJet customers

EasyJet has been the target of a major cyber attack targeting 9million customers and stealing the credit card details of 2,208 people.

The troubled airline said that the email addresses and travel details of 9million customers were accessed by cyber hackers.

It said other than those people, the passport and credit card details of the balance were not accessed and it had closed the online channels affected by the attack.  

EasyJet has not confirmed when the cyber attack occurred, when it was identified and how long the ‘highly sophisticated’ hack lasted before detection.

In a statement to the stock market, it said: ‘There is no evidence that any personal information of any nature has been misused, however… we are communicating with the approximately 9million customers whose travel details were accessed to advise them of protective steps to minimise any risk of potential phishing’.   

‘We take issues of security extremely seriously and continue to invest to further enhance our security environment,’ a spokesperson added. 

‘EasyJet is in the process of contacting the relevant customers directly and affected customers will be notified no later than the 26th of May.’ 

EasyJet said it had notified the Information Commissioner’s Office (ICO), the data regulator, and the National Cyber Security Centre. 

Sir Stelios Haji-Ioannou (right), the airline’s founder and biggest shareholder, is seeking to remove CEO Johan Lundgren (left) and three other board members this Friday

The ICO has recommended easyJet contact everyone affected because of an increased risk of phishing fraud during the coronavirus crisis. 

EasyJet chief executive Johan Lundgren said in a statement: ‘Since we became aware of the incident, it has become clear that owing to Covid-19 there is heightened concern about personal data being used for online scams.

‘As a result, and on the recommendation of the ICO, we are contacting those customers whose travel information was accessed and we are advising them to be extra vigilant, particularly if they receive unsolicited communications.’ 

EasyJet’s disclosure comes as its leadership battles a number of challenges including the turbulence caused by the coronavirus pandemic.

Sir Stelios Haji-Ioannou’s family, the airline’s founder and biggest shareholder, is seeking to remove Mr Lundgren and three other board members this Friday.

A shareholder vote will take place amid a row over a £4.5billion order for new planes from Airbus which Sir Stelios is demanding should be scrapped. 

The company has also furloughed thousands of staff and borrowed £600million of taxpayer money under a government bailout scheme. 

Hackers have stepped up their efforts to target major companies and the data they hold on customers. 

British Airways was hit in 2018 with the theft of credit card details of hundreds of thousands of its customers, while Cathay Pacific was also hit. 

Hacking and detection firm Redscan CEO Mike Fenton told MailOnline: ‘These are already turbulent times for all companies within the aviation industry but the situation has just got significantly worse for easyJet. 

‘To add to the company’s woes, it is now having to explain how the personal records of 9million customers were able to be accessed. 

‘The ICO will be amongst the interested parties keen to know whether the company had appropriate protections in place to safeguard it.

‘When it comes to cyber security, the airline industry doesn’t have a great record. The British Airways breach in 2018 should have been a wake-up call and passenger confidence is likely to be at an all-time low after this.’