EasyJet Plc said email addresses and travel data of about 9 million customers had been accessed in a “highly sophisticated” cyberattack, one of the biggest data breaches to hit the airline industry.
Credit card details for 2 208 customers had also been accessed, EasyJet said in a statement Tuesday. It said it’s closed off the unauthorized access and will contact customers over the next few days.
Cyberattacks against businesses and their employees have surged this year as hackers take advantage of the disruption caused by the coronavirus pandemic. Airlines have had several high-profile breaches in recent years. In 2018, Hong Kong’s Cathay Pacific Airways Ltd. disclosed that hackers accessed information on 9.4 million customers, making it the world’s biggest airline data breach at the time.
“The EasyJet breach comes at a time of unprecedented challenge for airline operators,” said James Castro-Edwards, a partner at law firm Wedlake Bell. The potential consequences of “enforcement action and any ensuing group litigation are catastrophic,” he added.
EasyJet is already battling Covid-19 that’s forced it to ground planes and triggered a revolt by its founder and biggest shareholder, Stelios Haji-Ioannou. The International Air Transport Association estimates European carriers face a revenue loss of $89 billion in 2020.
EasyJet on May 22 will hold a shareholder meeting called by Haji-Ioannou, who wants to remove four directors including Chairman John Barton, Chief Executive Officer Johan Lundgren and Chief Financial Officer Andrew Findlay. He’s seeking to halt the carrier’s continued expansion plans.
EasyJet shares reversed earlier gains after the hack was disclosed, trading 1.3% lower at 544.40 pence at 1:10 p.m. in London.
An influx of employees working from home has opened up new network vulnerabilities for many companies and phishing emails purporting to be from trusted health agencies prey on employees looking for information.