/ Money

EasyJet cyber-attack: what to do if you’re affected

EasyJet has been hit by a ‘highly sophisticated’ cyber-attack which could have exposed up to nine million people’s details. Here’s what to do if you’re affected.

EasyJet has confirmed that the details involved in a cyber-attack that took place in January could include financial information.

Right now, it’s vital that EasyJet provides clear information on what’s happened and supports all affected customers in taking measures to protect themselves.

The immediate priority must be for EasyJet to ensure all those who’ve had credit card details stolen have been communicated with so they can take swift action with their bank.

EasyJet says that of the 9 million people affected, 2,208 had credit card details stolen and that no passport details were uncovered.

It’s also said ‘there is no evidence that any personal information of any nature has been misused’.

What to do if you’re affected

EasyJet says if you’re a customer whose credit card details were taken you should have already been contacted, while everyone else affected will be contacted by 26 May.

For anyone concerned they could be affected, it’s important to change your password with EasyJet and other websites where you might use the same or similar one. Use our advice to create a secure password.

It’s sensible to also keep a careful eye on your bank accounts and credit report over the coming weeks and report any suspicious activity to you bank as soon as possible. 

You also need to be wary of unexpected emails or phone calls about easyJet, or contact out of the blue from strangers who know more than usual about you.

Fake ‘customer support’ might also start to pop up on social media regarding the breach, as scammers try to take advantage of it.

We’d also strongly recommend that you take the time to read through our guide on data breaches, which explains your rights, as well as further steps you can take,.

Do you think you may have been affected by the data breach? Have you taken steps to protect yourself?


My last EasyJet flight purchase was in EasyJet’s iPhone app using American Express via Apple Pay. Because of the tokenised nature of Apple Pay and a dynamic security code required for each transaction, my card details would be useless to any hacker, as they are different from the card details of the related physical American Express card.

It is likewise worth using Apple Pay whenever possible in high-risk countries like Brazil where card cloning is common. Cloning an Apple Pay card number is useless to the fraudster, because a dynamic security code is needed for a successful transaction. Even better, Apple Pay has no transaction limit, unlike a physical card which has a contactless transaction limit of either £30 or £45. A fingerprint is much harder to copy than a PIN.

Sian Worrall says:
30 May 2020

EasyJet has just contacted me – 30/5/2020! All flight details had been compromised, but not my credit card or passport details. This delay in communicating with me is completely unacceptable. I would not have known anything about it, without the email from WHICH!

Jackie Taylor says:
11 June 2020

we had our data breach and then paypal credit requested fraudulently – can we claim any compensation