Original Article Text

Air Europa data breach: Customers warned to cancel credit cards

Spanish airline Air Europa, the country's third-largest airline and a member of the SkyTeam alliance, warned customers on Monday to cancel their credit cards after attackers accessed their card information in a recent data breach.

"We inform you that a cybersecurity incident was recently detected in one of our systems consisting of possible unauthorized access to your bank card data," Air Europa said in emails sent to affected individuals and seen by BleepingComputer.

"We have secured our systems, guaranteeing the correct functioning of the service. Additionally, we have made the due notifications to the competent authorities and necessary entities (AEPD, INCIBE, banks, etc.)."

The credit card details exposed in the breach include card numbers, expiration dates, and the 3-digit CVV (Card Verification Value) code on the back of the payment cards.

Air Europa also warned affected customers to ask their banks to cancel their cards used on the airline's website due to "the risk of card spoofing and fraud" and "to prevent possible fraudulent use."

Customers were also advised not to provide their personal info or card PINs to anyone contacting them over the phone or via email and not to open any links in emails or messages warning them of fraudulent operations involving their cards.

Number of affected customers remains unknown

The company has yet to reveal how many of its customers were affected by the data breach, the date its systems were breached, and when the incident was detected.

An Air Europa spokesperson was not available for comment when contacted by BleepingComputer earlier today.

Two years ago, in March 2021, the airline was also fined €600,000 by the Spanish Data Protection Agency (DPA) for violations of the European Union's General Data Protection Regulation (EU GDPR) and for notifying the privacy watchdog of the data breach more than 40 days later.

The 2021 data breach affected roughly 489,000 individuals, with the attackers gaining access to their contact and bank account details (card numbers, expiration dates, and CVV codes) stored in 1,500,000 data records. While criminals used around 4,000 bank cards' data in fraudulent activities, Air Europa classified the breach as a medium-risk incident and chose not to inform the affected individuals.

Daily Brief Summary

DATA BREACH // Air Europa Suffers Data Breach; Urges Customers to Cancel Credit Cards

Spanish airline Air Europa has suffered a data breach, exposing customers' credit card details, including card numbers, expiry dates and CVV codes. The company has urged impacted customers to cancel their cards to prevent potential fraudulent use.

The company has not yet disclosed the number of affected customers or detailed when the breach occurred and was detected. A representative was not available for comment.

The airline alerted relevant authorities and entities (AEPD, INCIBE, banks, etc.) and assured customers that systems have been secured.

Customers are being warned not to provide personal or card PIN details to anyone contacting them via phone or email, and not to click any links in emails or messages warning of fraudulent operations concerning their cards.

This is not the first data breach for Air Europa; in March 2021, the company was fined €600,000 by Spain's DPA for infringing GDPR regulations and for late notification of a breach that affected around 489,000 individuals. In that breach, the stolen credit card data of approximately 4,000 customers was used fraudulently.