Hackers have made off with the information of over nine million EasyJet customers, including over 2,200 credit card numbers, the British budget airline confirmed Tuesday.
“There is no evidence that any personal information of any nature has been misused, however…we are communicating with the approximately nine million customers whose travel details were accessed to advise them of protective steps to minimize any risk of potential phishing,” the company said in a statement following an internal investigation.
The breach was said to have been discovered in late January but not reported until now. The company says it’s been working with Britain’s National Cyber Security Center and the Information Commissioner’s Office to investigate the “highly sophisticated” attack. The ICO confirmed Tuesday that an investigation into the cyberattack was still underway.
British Airways faced a £183 million ($224 million US) fine last year over a similar hacking incident that took place in 2018, with the information of half a million customers believed to have been stolen in that affair.
EasyJet is facing the same troubles as other European airlines caused by the coronavirus pandemic, which has grounded its planes and led to tens of millions of pounds in lost revenues. The company has been forced to furlough staff and borrow some £600 million pounds from the government to stay afloat. On top of that, the company is in the middle of a leadership struggle between founder and major shareholder Stelios Haji-Ioannou and CEO Johan Lundgren and other members of the board, with the Greece-born tycoon seeking their sacking. That dispute is centered around the company’s plans to order £4.5 billion pounds worth of new aircraft, with Haji-Ioannou saying that order should be scrapped and the money invested in getting planes back in the air after the coronavirus crisis.