and EasyJet admits data of nine million hacked

BBC Technology 19 May 2020 04:58
By Jane Wakefield Technology reporter
Easyjet imageImage copyright Reuters

EasyJet has admitted that a "highly sophisticated cyber-attack" has affected approximately nine million customers.

It said email addresses and travel details had been stolen and that 2,208 customers had also had their credit and debit card details "accessed".

The firm has informed the UK's Information Commissioner's Office while it investigates the breach.

EasyJet first became aware of the attack in January.

It told the BBC that it was only able to notify customers whose credit card details were stolen in early April.

"This was a highly sophisticated attacker. It took time to understand the scope of the attack and to identify who had been impacted," the airline told the BBC.

"We could only inform people once the investigation had progressed enough that we were able to identify whether any individuals have been affected, then who had been impacted and what information had been accessed."

EasyJet added that it had gone public now in order to warn the nine million customers whose email addresses had been stolen to be wary of phishing attacks.

It did not provide details about the nature of the attack or the motives, but said its investigation suggested hackers were targeting "company intellectual property" rather than information that could be used in identity theft.

"We are advising customers to be cautious of any communications purporting to come from EasyJet or EasyJet Holidays."

"People have a right to expect that organisations will handle their personal information securely and responsibly. When that doesn't happen, we will investigate and take robust action where necessary."


Google is blocking more than 100 million phishing emails every day to Gmail users.

"Anybody who has ever purchased an EasyJet flight is advised to be extremely wary when opening emails from now on," he said.

"As a result, it is important for customers to be vigilant whenever they receive unsolicited emails or emails that appear to be from EasyJet, as these could be fake emails which link to cloned websites designed to steal your data."

The coronavirus pandemic has meant an end to much global travel, leaving airlines struggling financially.

"To add to the company's woes, it is now has to explain how the personal records of nine million customers were able to be accessed.

Image copyright Getty Images

Initially it said that only 380,000 transactions were affected and that the data did not include travel or passport details.

Under GDPR (General Data Protection Regulation), if EasyJet is found to have mishandled customer data, it could face fines of up to 4% of its annual worldwide turnover.

Millions of EasyJet customers' details of some sort or another have been accessed by hackers - but even more people now need to be vigilant.

The risks to those whose card details have been compromised are clear. Their provider should already have stopped the card, a new one will be issued, and they will need to sort out any regular payments coming from that card.

Millions of people whose email addresses and travel details have been accessed will need to change passwords, and be wary of any unexpected transactions.

Fraudsters will no doubt pose as EasyJet, banks, or the authorities and claim to be dealing with this latest breach. They are simply trying to steal personal details themselves.

Are you an EasyJet customer? Have you been a victim of the cyber-attack? Share your experiences by emailing

Continue reading original article...


EasyJetEasyJetBBCRay WalshBritish Airways
You may also like