Email addresses and travel details of 9 million customers were accessed in a cyber attack on British low-cost airline easyJet, the company announced today. Credit card details of 2,208 customers were accessed as per the company’s forensic investigation. No other customers’ passport and credit card details were accessed. The unauthorised access has been “closed off”, and the company has said that there is no evidence that this information has been misused.

By May 26, the company will inform the 9 million customers whose details have been compromised while the company is already in the process of contacting the 2,208 customers whose credit card details were accessed. UK’s National Cyber Security Centre and the Information Commissioner’s Office (ICO) have already been informed.

This is not the first time that the data of a British airline has been breached. In July 2019, British Airways was fined more than £183 million by the ICO after hackers stole the personal data of about half a million of the airline’s customers, according to the BBC. The ICO found that customer details including login, payment card, name, address and travel booking information were harvested by diverting customers to a fraudulent website, and added that the breach occurred because of BA’s “poor security arrangements” to protect customer information.

Earlier this year, a cyber security researcher showed that personal details of more than 1.2 million SpiceJet passengers, including state officials, were vulnerable to data breach.