A “sophisticated source” had accessed the email address and travel details of approximately 9 million customers, and the credit card details of 2,208, the company said.
EasyJet CEO Johan Lundgren apologized to customers, and he cited the coronavirus pandemic as a possible incentive for hackers.
“Since we became aware of the incident, it has become clear that owing to Covid-19 there is heightened concern about personal data being used for online scams,” Lundgren said. “As a result, and on the recommendation of the ICO, we are contacting those customers whose travel information was accessed and we are advising them to be extra vigilant, particularly if they receive unsolicited communications.”
The ICO told CNN Business that it is continuing to investigate the incident.
“People have the right to expect that organizations will handle their personal information securely and responsibly. When that doesn’t happen, we will investigate and take robust action where necessary,” an ICO spokesperson said.
“Anyone affected by data breaches needs to be particularly vigilant to possible phishing attacks, and scam messages. We have published advice on our website about how to spot potential phishing emails,” the spokesperson added.
The airline has not confirmed when it will start flying again, telling customers it is currently canceling flights on a seven-day rolling basis, though flights are available for booking on the company’s website from May 29.