The personal data of approximately nine million EasyJet customers has reportedly been stolen in a major hack. The budget airline confirmed Tuesday that the “highly sophisticated” attackers made off with email addresses and travel details for millions of customers, as well as credit card information for 2,208 of them.

“This was a highly sophisticated attacker. It took time to understand the scope of the attack and to identify who had been impacted,” EasyJet said to the BBC.

“We could only inform people once the investigation had progressed enough that we were able to identify whether any individuals have been affected, then who had been impacted and what information had been accessed.”

England-based EasyJet has contacted all affected customers and is also working the U.K. Information Commissioner (ICO) and National Cyber Security Centre to resolve the situation.

The company claims that there is currently “no evidence” that any of the stolen information has been “misused.”

“Since we became aware of the incident, it has become clear that owing to Covid-19 there is heightened concern about personal data being used for online scams,” CEO Johan Lundgren said in a statement. “As a result, and on the recommendation of the ICO, we are contacting those customers whose travel information was accessed and we are advising them to be extra vigilant, particularly if they receive unsolicited communications.”

EasyJet, in line with the rest of the industry, grounded its entire 334 plane fleet in March. It is unknown at this time when they will resume operations.