Nine million easyJet passengers have had their travel details accessed by hackers, the airline has announced.
The Luton-based carrier said the figure includes 2,208 customers who had their credit card details exposed.
It insisted there is “no evidence that any personal information of any nature has been misused” due to the cyber attack.
EasyJet has begun contacting affected customers and pledged that they will all be informed by May 26.
The airline did not disclose when the cyber attack took place.
EasyJet chief executive Johan Lundgren said: “We take the cyber security of our systems very seriously and have robust security measures in place to protect our customers’ personal information.
“However, this is an evolving threat as cyber attackers get ever more sophisticated.
“Since we became aware of the incident, it has become clear that owing to Covid-19 there is heightened concern about personal data being used for online scams.
“As a result, and on the recommendation of the ICO (the Information Commissioner’s Office), we are contacting those customers whose travel information was accessed and we are advising them to be extra vigilant, particularly if they receive unsolicited communications.
“Every business must continue to stay agile to stay ahead of the threat. We will continue to invest in protecting our customers, our systems and our data.
“We would like to apologise to those customers who have been affected by this incident.”
Consumer group Which? said it is "vital that easyJet provides clear information on what has happened and supports affected customers in taking measures to protect themselves.
"The priority must be for it to contact those who've had credit card details stolen so they can take action with their bank."