British discount airline EasyJet said Tuesday the personal data of nine million customers has been stolen by computer hackers in a “highly sophisticated” cyberattack.
The carrier, which grounded the majority of its fleet in March due to coronavirus-related travel restrictions, said the hackers obtained email addresses and travel details, as well as credit card information for about 2,200 flyers.
“As soon as we became aware of the attack, we took immediate steps to respond to and manage the incident and engaged leading forensic experts to investigate the issue,” the airline said in a statement.
EasyJet CEO Johan Lundgren said there’s no evidence yet that any personal information has been misused but urged customers to beware of potential threats.
“We take the cyber security of our systems very seriously and have robust security measures in place to protect our customers’ personal information,” he said. “However, this is an evolving threat as cyber attackers get ever more sophisticated.
“It has become clear that owing to COVID-19 there is heightened concern about personal data being used for online scams. As a result … we are contacting those customers whose travel information was accessed and we are advising them to be extra vigilant, particularly if they receive unsolicited communications.”
Lundgren said the airline is working with British authorities to investigate the cyberattack.
After grounding flights on March 24, EasyJet furloughed thousands of workers and obtained a $733 million government-backed loan for businesses impacted by the coronavirus pandemic.