Though easyJet said it did not look like any personal information had been misused, it has engaged leading forensic experts to investigate the issue and has also notified the National Cyber Security Centre.
Jake Moore, cyber security specialist at ESET, commented: "The biggest problem for EasyJet now is to get this information out to all their customers and make them safe. Action has already been taken to contact all of these customers and they have been offered support", EasyJet stated in a "Notice of cyber security incident".
The budget European airline, which has seen its fleet grounded by coronavirus, said the unauthorized access to its systems had been closed off.
Affected customers exposing their credit card details are advised to block the affected cards and request a new one from their respective financial institution, and always keep a close eye on your bank and payment card statements for any unusual activity and report to the bank if you find any.
The carrier could now face a hefty fine from the British authorities over the hacking, similar to a $230 million (€210 million) penalty imposed by the Information Commissioner's Office (ICO) on British Airways a year ago. However, on the recommendation of the ICO (Information Commissioner's Office), we are communicating with the approximately 9m customers whose travel details were accessed to advise them of protective steps to minimize any risk of potential phishing.
"As the travel industry weathers the COVID-19 storm, it is imperative that airlines maintain the trust of loyal customers and new potential travellers, especially as communication with customers still remains exclusively virtual".
Founder Sir Stelios wants the entire Airbus order canceled
The Register has asked Easyjet for more information and will update this article when the company responds. The airline said: "We are advising customers to continue to be alert as they would normally be, especially should they receive any unsolicited communications".
Chief Executive, Johan Lundgren, said: "we would like to apologise to those customers who have been affected by this incident".
"We are advising customers to be cautious of any communications purporting to come from EasyJet or EasyJet Holidays". In 2018, British Airways was hit with a data breach that affected around half a million passengers. It cost the airline a substantial £183m fine as a result.
If you are not contacted, that means your information has not been accessed, easyJet said.
Founder Sir Stelios wants the entire Airbus order canceled. Shareholders will vote on these proposals at the Friday meeting. Are you anxious about the data breach?