Low-cost carrier EasyJet will be contacting nine million customers this week to notify them of a major security breach of its passenger database.
The Europe-based airline says the attack captured names, email addresses and travel details, including 2,200 customers that had their credit card details stolen.
At this stage there is no evidence of any personal information having been misused, EasyJet says in a statement.
The attack came from a "highly sophisticated source" but access has now been closed off.
The BBC reports that the incident first came to light in January this year and that EasyJet only informed those passengers whose financial details have been exposed some three months later.
A statement from EasyJet continues: "We are advising customers to continue to be alert as they normally would be, especially should they receive any unsolicited communications.
"We also advise customers to be cautious of any communications purporting to come from EasyJet or EasyJet Holidays."
The incident is the latest in a growing number of data breaches at travel companies, affecting high profile brands such as the 500 million accounts that were hack at Marriott/Starwood over four years and British Airways in 2018.
Ben Todd, vice president of worldwide sales at secutity specialist Nomidio, says: "The easyJet data breach further demonstrates that even well run companies are unable to protect our personal data.
"In the first six months of 2019 alone 4.1 Billion personal ID records were stolen, some through poor data management, many through sophisticated, targeted attacks. easyJet’s 9 million records are fairly negligible in this context but still likely to result in a significant fine at a time when the company’s planes are grounded.
"The definition of insanity is doing the same thing over and over again and expecting a different result. Yet when it comes to Identity this is exactly what businesses are doing because there really haven’t been any other options apart from adding another layer of security and hoping that the humans in the process don’t mess up."