EasyJet has admitted that a “highly sophisticated cyber-attack” has affected nine million customers.
It said email addresses and travel details had been stolen and that 2,208 customers had also had their credit card details “accessed”.
The firm has informed the UK’s Information Commissioner’s Office and is continuing to investigate the breach.
EasyJet said it first became aware of the attack in January.
In a statement it said: “We take issues of security extremely seriously and continue to invest to further enhance our security environment.
“There is no evidence that any personal information of any nature has been misused, however, on the recommendation of the ICO, we are communicating with the approximately nine million customers whose travel details were accessed to advise them of protective steps to minimise any risk of potential phishing.”
Millions of EasyJet customers’ details of some sort or another have been accessed by hackers – but even more people now need to be vigilant.
Generally, personal details can be used by fraudsters to access bank accounts, open accounts and take out loans in the innocent victims’ names, make fraudulent purchases, or sell on to other criminals.
The risks to those whose card details have been compromised are clear. Their provider should already have stopped the card, a new one will be issued, and they will need to sort out any regular payments coming from that card.
Following a similar data breach at British Airways in 2018, some found this a frustrating and time-consuming task.
Millions of people whose email addresses and travel details have been accessed will need to change passwords, and be wary of any unexpected transactions.
Everyone else, particularly EasyJet customers whose details have not been affected, must be alert to other unsolicited emails and messages.
Fraudsters will no doubt pose as EasyJet, banks, or the authorities and claim to be dealing with this latest breach. They are simply trying to steal personal details themselves.