Easyjet has admitted to being hacked in January 2020, with nine million customers affected.
It has informed the UK's data protection regulator, the Information Commissioner's Office, and its investigations are apparently ongoing.
The budget airline released a statement earlier today.
"We take issues of security extremely seriously and continue to invest to further enhance our security environment.
"There is no evidence that any personal information of any nature has been misused, however, on the recommendation of the ICO, we are communicating with the approximately nine million customers whose travel details were accessed to advise them of protective steps to minimise any risk of potential phishing."
Tim Sadler, CEO at Tessian, warned those affected to be extra vigilant in the coming days and weeks.
"EasyJet customers are now at greater risk of phishing scams following this cyberattack, and people need to be wary of emails they receive purporting to come from the airline company. Always check the sender name and email address match up and if you're being asked to carry out an urgent action, verify the legitimacy of the request by contacting EasyJet directly using details on their website.
"Unfortunately, it was only a matter of time before a cyber attack of this scale crippled a large organisation, and the attack should act as a warning to all organisations that no one is safe from a severe breach of data. Cybercriminals have not missed a trick to capitalize on the COVID-19 crisis, and we've seen a huge increase in the number of cyber attacks and scams during this time.
"The travel industry especially has been severely impacted by COVID-19, and there's no telling how much more damaging this cyber breach will be to EasyJet's future. Moving forward, organisations should prioritise security protocols, implement sophisticated protection software, and ensure all employees are aware of security best practices, and carrying them out at all times."
The news comes shortly after reports of supercomputers across Europe being compromised by hackers.
The Travelex ransomware raises the question, once again, of whether organisations should be obliged to provide more information
No zero-days patched in the latest release
Attack, which came as firm was preparing for Covid measures, was a 'perfect storm' CEO says
Make passwords at least 13 characters long and protect email with a strong passphrase, police advise
With Covid-19 related fraud through the roof it's time to review password policy, says South East Regional Organised Crime Unit
Cybercrime is rising sharply as opportunistic and immoral criminals take advantage of the disruption