EasyJet says 9 million travel records taken in data breach

EasyJet, the U.K.’s largest airline, said hackers have accessed the travel details of 9 million customers.

The budget airline said 2,200 customers also had their credit card details accessed in the data breach, but passport records were not accessed, a company statement said.

EasyJet did not say when the security incident happened or how the hackers accessed its systems, but the company said it referred the incident to the Information Commissioner’s Office, the U.K.’s data protection agency. Companies are given 72 hours to inform regulators of a security incident under European data protection rules.

Spokespeople for EasyJet did not immediately comment when contacted by TechCrunch.

The airline, like the rest of the aviation industry, has been hit hard by the coronavirus pandemic, which forced vast swathes of the global population to stay at home, and put business travel and vacations on hold. Prior to the pandemic, EasyJet carried more than 28 million passengers in 2019.

The company was one of the first to ask the U.K. government for a bailout to prevent financial collapse.

The ICO said last year that it intended to fine British Airways a record £183 million ($230m) after a data breach exposed the booking details of 500,000 customers. Hackers had siphoned off thousands of credit card numbers after installing skimming malware on its website.