EasyJet has revealed that the personal details of nine million customers have been accessed by "highly sophisticated" hackers.
The discount airline – currently mired by the grounding of flights because of the coronavirus crisis and a leadership tussle led by its founder – said it discovered the data breach in late January and was to notify those affected in the next few days.
It stressed there was no evidence that data had been misused by criminals.
It believed that the email addresses and travel details of nine million people were exposed along with the credit card details of more than 2,200 customers.
EasyJet said passport and credit card details were otherwise secure.
The statement said: "There is no evidence that any personal information of any nature has been misused, however… we are communicating with the approximately nine million customers whose travel details were accessed to advise them of protective steps to minimise any risk of potential phishing."
It added: "We're sorry that this has happened, and we would like to reassure customers that we take the safety and security of their information very seriously.
More from Easyjet
"EasyJet is in the process of contacting the relevant customers directly and affected customers will be notified no later than 26 May."
The company said it had been working with the Information Commissioner's Office (ICO) and National Cyber Security Centre since discovering the hacking.
British Airways, in the process of cutting 12,000 jobs to reshape itself for the future beyond the COVID-19 pandemic, is currently on notice from the ICO for a £183m fine over a similar breach in 2018 that coincided with tougher new powers for the regulator to punish sloppy protections.
The details of 500,000 customers weRead More – Source