EasyJet says 9 million travel records taken in data breach

Zack Whittaker
Grounded RyanAir and EasyJet aircraft are pictured on the apron at London Luton Airport, north of London, on April 16, 2020. - EasyJet will likely keep its middle seats empty once flights resume to maintain social distancing triggered by the coronavirus pandemic, the British no-frills airline said Thursday. "I expect that to happen," chief executive Johan Lundgren told reporters when questioned about the current financial health of EasyJet, which has grounded all commercial flights because of COVID-19. "That is something that we will do because I think that is something that the customers would like to see," he added. (Photo by JUSTIN TALLIS / AFP) (Photo by JUSTIN TALLIS/AFP via Getty Images)

EasyJet, the U.K.'s largest airline, said hackers have accessed the travel details of 9 million customers.

The budget airline said 2,200 customers also had their credit card details accessed in the data breach, but passport records were not accessed, a company statement said.

EasyJet did not say when the security incident happened or how the hackers accessed its systems, but the company said it referred the incident to the Information Commissioner's Office, the U.K.'s data protection agency. Companies are given 72 hours to inform regulators of a security incident under European data protection rules.

Spokespeople for EasyJet did not immediately comment when contacted by TechCrunch.

The airline, like the rest of the aviation industry, has been hit hard by the coronavirus pandemic, which forced vast swathes of the global population to stay at home, and put business travel and vacations on hold. Prior to the pandemic, EasyJet carried more than 28 million passengers in 2019.

The company was one of the first to ask the U.K. government for a bailout to prevent financial collapse.

The ICO said last year that it intended to fine British Airways a record £183 million ($230m) after a data breach exposed the booking details of 500,000 customers. Hackers had siphoned off thousands of credit card numbers after installing skimming malware on its website.

British Airways breach caused by credit card skimming malware, researchers say