Email addresses and travel details of nine million Easyjet customers were compromised in a cyberattack, the airline said on Tuesday.
EasyJet said the "highly sophisticated" attack had also exposed the credit card details of 2,208 customers, who have been contacted and offered support.
The airline said it would be contacted all customers affected by the cyberattack in the next days. All affected customers will be send details on how to minimise any potential risk of phishing by May 26.
Phishing is a cybercrime tactic by which fraudsters pose as representatives of a legitimate company in order to obtain personal data, which may include credit card details or passwords.
It also advised customers to be cautious of any communications purporting to come from easyJet or easyJet Holidays.
"We're sorry that this has happened, and we would like to reassure customers that we take the safety and security of their information very seriously," the company said.
In an announcement on the London Stock Market, Easyjet said that as soon as it became aware of the attack, it took immediate steps to respond to and manage the incident.
It engaged leading forensic experts to investigate the issue and notified the National Cyber Security Centre and the Information Commissioner's Office. It said it has closed off this unauthorised access.
"We take issues of security extremely seriously and continue to invest to further enhance our security environment," it said.
Easyjet flew to seven destinations from Malta until March, when all passenger flights except for repatriation flights were halted due to the COVID-19 pandemic.