MSE News

Hackers access nine million Easyjet customers' details

Hackers access nine million Easyjet customers' details

Hackers have accessed the travel details of nine million Easyjet customers, the airline has admitted. 

This includes 2,208 customers who had credit card details exposed as part of the attack.

The airline says it launched an investigation into potential unusual activity in late January. It informed all customers whose credit card details were accessed in April, and is now contacting the remaining affected customers. 

The information accessed included names, email addresses and flight details, but Easyjet says passport details weren't accessed as part of the hack. 

It has informed the Information Commissioner's Office (ICO) about the incident.

I've been affected – what can I do?

Easyjet has begun contacting affected customers and says everyone will be informed by no later than Tuesday 26 May.

If you're told you're affected, you can take the following steps to minimise the risk of being hit by fraud (see our 30+ Ways to Stop Scams guide for full help):

  • Check your bank or credit card transactions regularly. If you spot any unfamiliar or unusual activity, inform your bank or lender immediately.

  • If worried, ask for a new card. Check whether your bank or credit card firm will be routinely replacing cards affected by this breach – but if not, you can ask for a replacement card anyway.

  • Beware of 'phishing scams'. Criminals may attempt to use the news of the cyber-attack as an opportunity to trick people affected into revealing information. Easyjet says customers should be especially wary of any communications they receive that claim to be from Easyjet or Easyjet Holidays.

    Remember that no bank or any other genuine organisation will contact you out of the blue to ask for details such as your PIN or banking password, and beware of clicking on any links in text messages or emails.

  • Change your Easyjet login password. While Easyjet has not confirmed to us whether passwords were accessed (despite us chasing), to be safe it's best to change your password now, and if you use that password elsewhere, make sure you change it there too. It's good practice to use different passwords – see more info on password security.

  • See if your card provider lets you get payment notifications. Some card providers, such as American Express, allow you to get notifications on your phone or tablet every time a payment is made on your card. This way you can instantly see when a payment goes out, and if it's one you aren't expecting.

What does Easyjet say?

Easyjet chief executive Johan Lundgren said: "We take the cybersecurity of our systems very seriously and have robust security measures in place to protect our customers' personal information.

"However, this is an evolving threat as cyber-attackers get ever more sophisticated.

"Since we became aware of the incident, it has become clear that owing to Covid-19 there is heightened concern about personal data being used for online scams.

"As a result, and on the recommendation of the ICO, we are contacting those customers whose travel information was accessed and we are advising them to be extra vigilant, particularly if they receive unsolicited communications.

"Every business must continue to stay agile to stay ahead of the threat. We will continue to invest in protecting our customers, our systems and our data.

"We would like to apologise to those customers who have been affected by this incident."