| "Dear Customer, I wanted to write to you personally in regards to a recent cyber security incident at easyJet. As you may have heard, we announced on 19th May 2020 that we were the target of an attack from a highly sophisticated source. As soon as we became aware of the attack, we took immediate steps to manage and respond to the incident, closing off the unauthorised access. We engaged leading forensic experts to investigate the issue and we also notified the National Cyber Security Centre and the Information Commissioner’s Office (ICO). Our investigation found that your name, email address, and travel details were accessed for the easyJet flights or easyJet holidays you booked between 17th October 2019 and 4th March 2020. Your passport and credit card details were not accessed, however information including where you were travelling from and to, your departure date, booking reference number, the booking date and the value of the booking were accessed. We are very sorry this has happened. Please be extra careful about phishing attacks There is no evidence that personal information of any nature has been misused but please do be extra careful if you receive any unsolicited communications, particularly if they claim to be from either easyJet or easyJet holidays. Please note that we will never contact you unprompted to ask for your account details or security information, and we will never ask you to disclose your passwords, or to change your passwords on your easyJet account." |