If you’ve recently flown or made reservations on the British low-cost airline EasyJet, your personal information may be compromised. Per BBC News, the company has admitted that over nine million of its customers have been hacked. Two thousand two hundred eight customers have also had their credit details accessed.

BBC adds that EasyJet has known about the “highly sophisticated cyber-attack” since January, but are only now beginning to disclose this to their customers. The outlet also explains that so far, EasyJet has only notified customers whose credit card details were stolen in early April. Everyone affected will be notified by May 26.

In a statement, EasyJet states, “We take issues of security extremely seriously and continue to invest to further enhance our security environment. There is no evidence that any personal information of any nature has been misused, however, on the recommendation of the ICO, we are communicating with the approximately nine million customers whose travel details were accessed to advise them of protective steps to minimize any risk of potential phishing.”

They also explain the importance of customers being cautious about communication coming from EasyJet or EasyJet Holidays.

ProPrivacy expert Ray Walsh points out that hackers are most likely to try to take advantage of people canceling flights due to the coronavirus. “Anybody who has ever purchased an EasyJet flight is advised to be extremely wary when opening emails from now on. Phishing emails that leverage data stolen during the attack could be used as an attack vector at any point in the future,” he said.

He lastly adds, “As a result, it is important for customers to be vigilant whenever they receive unsolicited emails or emails that appear to be from EasyJet, as these could be fake emails which link to cloned websites designed to steal your data.”