EasyJet became a target of a cyberattack, the airline revealed on May 19, 2020. The attackers accessed personal data of 9 million customers, including credit card details of over 2,000 passengers, the airline said. 

While the data breach mostly involves email addresses and travel details, the hackers also accessed credit card details of 2,208 customers.

The low-cost carrier plans to contact and notify the affected passengers within a week, by May 26, 2020. Passengers whose personal data was not compromised during the cyber-incident, would not be contacted. 

“We take issues of security extremely seriously and continue to invest to further enhance our security environment,” the airline wrote in a statement, adding that there was no evidence that any personal information had been misused already.

“We would like to apologise to those customers who have been affected by this incident,” said EasyJet Chief Executive Officer Johan Lundgren.

In the past, cyber attacks have targeted multiple aviation companies, from manufacturers like Airbus or Rolls-Royce, to airlines. For instance, Virgin America (now part of Alaska Airlines) implemented new cyber-security measures after personal details of 3,100 of its employees and contractors were stolen during a cyber-attack in March 2017.

In 2018, Cathay Pacific suffered what was then one of the worst data breaches in aviation. The hackers accessed the personal details of 9.4 million Cathay Pacific and its subsidiary Hong Kong Express clients, including no less than 860,000 passport numbers, about 245,000 Hong Kong identity card numbers, 403 expired credit card numbers, and 27 credit card numbers with no card verification value (CVV).

More recently, in July 2019, the Information Commissioner’s Office (ICO) proposed to fine British Airways £183.39 million ($229.64 million), following the leak of 500,000 customers’ details during the cyber attack on its website and app in 2018.