EasyJet admits more than nine million customers were hacked

Airline said it first became aware of the breach in January


Hackers have accessed the email and travel details of around nine million EasyJet customers and credit card details of around 2,000 more in a "highly sophisticated attack", the British airline said on Tuesday.

The airline said in a statement that the credit card details of 2,208 customers had been accessed. It added that it had closed down the unauthorised access and would contact customers in the coming days.

The airline added that it didn't look like any of the information had been misused and that it first became aware of the attack in January.

"We take issues of security extremely seriously and continue to invest to further enhance our security environment," it said in a statement to the stock exchange.

"There is no evidence that any personal information of any nature has been misused, however, on the recommendation of the ICO, we are communicating with the approximately nine million customers whose travel details were accessed to advise them of protective steps to minimise any risk of potential phishing."

EasyJet has had to ground most of its flights since March amid the coronavirus pandemic, during which data breaches have surged. With more employees working remotely, companies have become less secure and more vulnerable to cyber attacks.

Adding to its woes, the airline is in a dispute with its founder and largest shareholder, Stelios Haji-Ioannou, over a £4.5 billion plane order.

Airlines have been the target of several significant data breaches over the last few years.

Thousands of British Airways and Delta Air Lines customers had their data hacked in 2018, as well as Hong Kong-based Cathay Pacific. The Asian airline said hackers had accessed personal information of 9.4 million customers.

"However this breach has been manufactured, it's clear that the aviation industry is experiencing something of a perfect storm as operators' resources are stretched – even prior to Covid-19 – and cyber groups have become increasingly active in recent weeks," Andy Barratt, UK managing director at global cybersecurity consultancy Coalfire, told The National.

"Airlines, and the wider travel sector, are consistently targeted by cybercriminals due to the large amount of digital transactions, credit and information sharing needed to ensure the industry operates smoothly."

"Notably, the direct-to-consumer booking models used by budget operators circumvent some of this but mean that there is little room for them to outsource risk when it comes to cybersecurity – as EasyJet will no doubt now be aware," he added.