(Adds more details)
LONDON, May 19 (Reuters) - A cyber attack on British airline
easyJet accessed the email and travel details of around
nine million customers, as well as the credit card details of
more than 2,000 of them, it said on Tuesday.
The news of the late January attack means the budget
airline, which has grounded most of its flights due to the
COVID-19 pandemic and is locked in a long-running battle with
its founder and biggest shareholder, could face a hefty fine.
British Airways, which was hit in 2018 with the theft of
hundreds of thousands of credit card details, is still appealing
a fine from the Information Commissioner's Office (ICO) of 183.4
million pounds ($225 million).
"Since we became aware of the incident, it has become clear
that owing to COVID-19 there is heightened concern about
personal data being used for online scams," Chief Executive
Officer Johan Lundgren said.
"As a result, and on the recommendation of the ICO, we are
contacting those customers whose travel information was accessed
and we are advising them to be extra vigilant, particularly if
they receive unsolicited communications."
EasyJet said it did not look like any personal information
had been misused. It has engaged leading forensic experts to
investigate the issue and has also notified the National Cyber
Security Centre.
"We would like to apologise to those customers who have been
affected by this incident," Lundgren said.
Hackers around the world have stepped up their efforts in
recent months, taking advantage of the pandemic to trick people
into revealing their passwords and other sensitive data.
Government officials have also warned of greater risks as people
working from home create opportunities for hackers.
EasyJet shares, down 64% in three months, were down 3% at
1225 GMT.
($1 = 0.8167 pounds)
(Reporting by Kate Holton; additional reporting by Jack Stubbs;
editing by Guy Faulconbridge and Mark Potter)