Budget airline easyJet has been the target of a "highly sophisticated" cyber attack, with more than 2,000 credit cards placed at risk.

The airline said an investigation found that email addresses and the travel details of approximately 9million customers have been accessed by a third party fraudulent company.

The airline has closed off the unauthorised access, however it said personal details, including card details, may have been compromised.

In a statement, easyJet said that around 2,208 people have had their credit card details accessed.

The company, which was unable to state when the incident occurred, said it has "taken action" to contact those whose card details were accessed.

Many have already been informed while some will be contacted in the "next few days" and at the latest, by May 26.

"There is no evidence that any personal information of any nature has been misused, however .. we are communicating with the approximately 9 million customers whose travel details were accessed to advise them of protective steps to minimise any risk of potential phishing," a statement said.

The Information Commissioner’s Office (ICO), the data regulator, has recommended easyJet contact everyone affected because of an increased risk of phishing fraud.

The airline's chief executive, Johan Lundgren, said: "We would like to apologise to those customers who have been affected by this incident.

"Since we became aware of the incident, it has become clear that owing to Covid-19 there is heightened concern about personal data being used for online scams. As a result, and on the recommendation of the ICO, we are contacting those customers whose travel information was accessed and we are advising them to be extra vigilant, particularly if they receive unsolicited communications."