9 million easyJet accounts hacked

Airline company easyJet announced Tuesday that a recent data breach by a “highly sophisticated actor” had comprised the personal information of 9 million customers.

Hackers were able to access the email addresses and travel details of all 9 million, and more than 2,000 had their credit card information compromised. The airline said in a statement that the “unauthorized access” used by hackers to steal the data had been “closed off.”

EasyJet said it would notify all customers who had credit card numbers stolen by May 26 and advised all customers to be wary of malicious emails that might use stolen travel information to try to steal more data. It emphasized that there was no evidence that the stolen information had been “misused.”

The company, which is headquartered in the United Kingdom, notified the U.K.’s National Cyber Security Centre and the Information Commissioner’s Office once it became aware of the breach, but it did not offer details on when the breach took place or how long it has known about the incident.

Johan Lundgren, the CEO of easyJet, said in a statement Tuesday that the company “would like to apologize to those customers to have been affected by this incident.”

“We take the cyber security of our systems very seriously and have robust security measures in place to protect our customers’ personal information,” Lundgren said. “However, this is an evolving threat as cyber attackers get ever more sophisticated.”

He pointed to the coronavirus pandemic as a catalyst for hackers targeting personal information at a greater rate.