EasyJet hacked: 9 million affected and some credit card details taken

Airline EasyJet has been hacked, with personal details for around 9 million customers taken, the company admitted today. The exploit saw bad actors access email address and travel details of millions of EasyJet customers, it has been confirmed, and in some case credit card details too.

EasyJet is currently contacting its customer affected by the breach, a process which it says it expects to happen over the next few days. That process should be finished no later than May 26, it promises; if you haven't heard from the airline by that point, it seems like your data is safe.

Nonetheless, it's a huge embarrassment, and an enormous security lapse. EasyJet blamed "a highly sophisticated source" for the hack, though has not said when exactly it took place. "As soon as we became aware of the attack, we took immediate steps to respond to and manage the incident and engaged leading forensic experts to investigate the issue," the company said in a statement today. "We also notified the National Cyber Security Centre and the ICO [Information Commissioner's Office]."

Thankfully, those EasyJet customers who had credit card details stolen are far smaller in number. 2,208 users had their card details taken, the airline says. It has already contacted those impacted.

EasyJet has not disclosed who is believed to be responsible for the hack, or how the company became aware of it. Nor has it explained what, exactly, the hack comprised. "We take the cyber security of our systems very seriously and have robust security measures in place to protect our customers' personal information," EasyJet CEO Johan Lundgren insisted today. "However, this is an evolving threat as cyber attackers get ever more sophisticated."

The airline says that it has no evidence that the personal data taken from its systems has been misused at this stage. However the company is warning EasyJet customers to be wary of contact purporting to be from EasyJet or EasyJet Holidays, as those emails could in fact be phishing attempts.

EasyJet built a reputation as a budget airline with aggressive cost-saving measures, notorious for its cheap tickets and its eagerness to charge for facilities that other, more expensive counterparts provided free. The company grounded the majority of its fleet from March 24, due to the COVID-19 crisis, though has been operating at a minimal schedule of essential services. Customers had been advised that they could change their flights, fee-free, until February 28, 2021, and EasyJet had warned that, even before news of this hack today, its customer services teams were already swamped.