 |
| Photo easyJet |
The airline said it became aware of the hack in January, but only notified some customers who have had their credit card details stolen in early April.
"This was a highly sophisticated attacker. It took time to understand the scope of the attack and to identify who had been impacted - We could only inform people once the investigation had progressed enough that we were able to identify whether any individuals have been affected, then who had been impacted and what information had been accessed."
In response to the breach, UK's Information Commissioner's Office said it was investigating, "People have a right to expect that organisations will handle their personal information securely and responsibly. When that doesn't happen, we will investigate and take robust action where necessary."
As soon as the airline became aware of the attack, it allegedly engaged forensic experts to investigate the issue and then notified the National Cyber Security Centre. The forensic investigation found that the names, email addresses and travel details of approximately nine million customers were accessed.
In addition, the investigation also found that the credit card details of 2,208 customers were accessed including the three-digit security code on the back of the cards. easyJet says it as taken action to contact the affected customers and so far there is no evidence that any personal information of any nature, including credit card data, has been misused.
Recommended for you...
