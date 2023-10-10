Air Europa is sending an email to its customers informing them of a cyber attack. The airline explains that they have had a cybersecurity problem that would have affected their payment environment with which they manage purchases through the web.

Given the “risk of card theft and fraud that this incident may entail”, it is asking customers to cancel credit cards that have been used for payments with Air Europa, since these data could have been stolen.

Air Europa suffers a serious cyber attack again

As described in the emails sent to customers, the affected data would be the number of various cards, their expiration dates and CVV. Sufficiently sensitive information to recommend contacting the bank and requesting cancellation of the card to avoid potential misuse.

In response to Xataka, Air Europa explains that “said fraudulent alteration of the flow in the payment process would have allowed the extraction of credit card data”, but that “there is no evidence that the leak ended up being used to commit any fraud.”

The airline’s team continues to analyze what happened and has already intervened to block the security breach, so it is not expected that there will be a leak of new data.

They insist that “to date there is no evidence that said data, which is not stored in our systems, has been used to commit any fraud. The data extracted has been exclusively associated with the cards themselves and not with the clients “.

As required by law, Air Europa has notified the facts in a timely manner to both the Spanish Data Protection Agency (AEPD), INCIBE, AESA, the financial entities, as well as the affected customers, who have received these recommendations to minimize the incidence.

It is not the first hack that Air Europa has suffered. In 2018, the data of 489,000 customers was stolen, among which was information from their bank cards. Among them, it was reported that some 4,000 credit cards had been used to commit fraud. That fact led to a fine of 600,000 euros by the AEPD for including the data protection law. We will have to wait to know the scope of the new cyberattack.

Image | Victor