Nine million customers' details stolen in easyJet cyber-attack

Updated: Jan 25, 2021

As widely reported in this week’s media, the airline group, easyJet has been subject to a “highly sophisticated cyber-attack”, affecting approximately nine million easyJet customers whose email addresses and travel details have been stolen by the attackers – with over 2,000 credit card details accessed.

easyJet first became aware of the attack in January 2020, however, they were only able to notify customers who had been affected in April 2020. easyJet have now revealed details of the recent attack to warn the public about phishing.

For the millions of customers compromised in this cyberattack they will need to change passwords and be extra vigilant regarding any unexpected transactions: cybercriminals will no doubt re-target the affected customers, posing as easyJet, banks, or the authorities and claim to be ‘dealing’ with the attack.

Here at the NEBRC, we encourage everyone to be alert and aware of potential cyber-attacks.

See our top tips below to help ensure you are more cyber secure:

1. If you have been compromised by a cyber-attack, make sure you know which password and bank account details you used.

2. Change any account where you have used that same password. Criminals behind the attack may have stolen other personal details and could try to use the password on other sites used by you. You should also inform your bank that your details might have been stolen in the attack.

3. Read our guidance on setting new passwords, which you can find on our website (this is around using three random words in your password).

4. Have separate passwords wherever possible. To help you do this, you may want to use a password manager.

5. Set up two-factor authentication on your accounts that allow it (for example, this is when you may get a text with a code to the mobile number associated with your account, to be able to log on).

6. Keep an eye out for an increase in phishing emails. These are emails which might look legitimate but will contain links or a message wanting you to click on something. If clicked, these could steal sensitive data or send you to bogus websites, which could download viruses onto your computer.

7. If you are uncertain about an email you have received, don’t be afraid to pick up the phone and contact the sender to ask if the email is genuine. Especially if you are asked to click on links, open attachments and divulge personal or sensitive information.

If you would like to increase your general awareness of phishing or other Cyber Security topics, please visit the resources page on our website at