EasyJet Suffered Data Breach Exposing 9 Million Travel Records

Last updated September 17, 2021
Written by:
Bill Toulas
Bill Toulas
Cybersecurity Journalist

EasyJet has admitted that hackers accessed the personal information of 9 million travelers who have trusted them in the past. The network infiltrators carried out what the airline called “a highly sophisticated cyber-attack,” and managed to steal the email addresses and travel details of nine million people. Among them, there were 2,208 records containing credit card details, which were stolen too. What hasn’t been compromised, according to the company, was passport information, which is a positive element in this catastrophe. The airline promised to contact the affected customers, so if you don’t receive an email from them by May 26, 2020, chances are you have not been compromised.

Even in this case, you should keep an eye on your bank account and regularly review your statements. Moreover, be very careful with how you handle unsolicited communications, especially with emails that arrive on your inbox. EasyJet has not provided further details about the nature of the cyber-attack or what exactly they have detected on their network. What they did was to inform the UK’s Information Commissioner’s Office (ICO), who is the data protection regulator responsible for investigating the incident.

Last summer, the ICO imposed a fine of $230 million to British Airways for the exposure of the data of 565,000 travelers. That leak included credit card details, names, and email addresses, which was similar to what has happened with EasyJet. The difference is that the GDPR is in effect now, whereas the British Airways leak occurred in 2018, and thus was subject to less strict laws. All that said, we expect the ICO fine to EasyJet to be a pretty hefty one, although this will depend on the results of the investigation.

EasyJet is already in great trouble due to the ongoing pandemic that has grounded its fleets for a prolonged period. Already, they have requested the Bank of England to issue them a £600 million emergency fund for them to be able to maintain an adequate level of liquidity. They also borrowed an additional $500 million from commercial creditors. In addition to all that, the Cypriot founder of the company, Stelios Haji-Ioannou, stated that they are working on the urgent termination of their £4.5 billion contract with Airbus. All that said, ICO’s penalty and the time it will be imposed may have catastrophic effects on the airline’s existence, and this once again proves why investing enough on cybersecurity should be a priority for all companies out there.



For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: