The European budget airline, which has seen its fleet anchored by the coronavirus, told the stock market that unauthorized access to its systems has been closed.
An airline investigation found that 9 million customers had access to their email address and trip details, while 2,208 customers had access to their credit card details. Affected customers will be contacted by May 26, said EasyJet.
The airline did not disclose when the attack took place or how long it lasted. The company was not immediately available for comment when contacted by CNBC.
EasyJet CEO Johan Lundgren said in a statement that the company takes the cybersecurity of its systems seriously, “however, this is an evolving threat as cyber attackers become more sophisticated” .
Lundgren said EasyJet will make affected customers “extra vigilant”, especially if they receive suspicious emails. The airline said customers should be extremely careful about any communications that are believed to originate from EasyJet or EasyJet Holidays.
“We will continue to invest to protect our customers, our systems and our data,” he said. “We would like to apologize to the customers who were affected by this incident. “
EasyJet said it works with the National Cyber Security Center and the Information Commissioner’s Office, which is the UK’s data regulator.
Andrew Tsonchev, director of technology at cybersecurity firm Darktrace, said: “It is not surprising that well-known organizations that are very publicly affected by the pandemic – and who are known to have made available a lot personnel – be the target of sophisticated cyberattacks. , with the potential to cause significant damage to reputation. “
He added, “Across our entire customer base – we’ve seen an increase in highly targeted and sophisticated attacks like these. “Downstream” access to customers and customer data is often the goal of these attacks, because retaining this data not only secures a quick ransom payment at a time when businesses want to cut costs, but can also provide essential information for launching secondary attacks. ”