Hackers have stolen the data of millions of EasyJet customers, including thousands of credit card numbers.

In a statement, the budget airline said a “sophisticated source” had accessed the email address and travel details of approximately 9 million customers, and the credit card details of 2,208.

EasyJet did not say when the attack took place. It said it was contacting all customers affected to offer support, and was working with the UK Information Commissioner’s Office (ICO) and National Cyber Security Centre.

EasyJet CEO Johan Lundgren apologised for the security breach, adding: “Since we became aware of the incident, it has become clear that owing to Covid-19 there is heightened concern about personal data being used for online scams

“As a result, and on the recommendation of the ICO, we are contacting those customers whose travel information was accessed and we are advising them to be extra vigilant, particularly if they receive unsolicited communications.”

The Information Commissioners Office said that an investigation was ongoing adding: “People have the right to expect that organisations will handle their personal information securely and responsibly. When that doesn’t happen, we will investigate and take robust action where necessary.”

“Anyone affected by data breaches needs to be particularly vigilant to possible phishing attacks, and scam messages.”