The Spanish airline Air Europa suffered a cyber attack on its online payment system that left some of its customers’ credit card data exposed, the company said in a statement last Thursday, 21.
The company sent emails to customers who had their credit card information stolen and notified financial institutions, according to the statement. Air Europa says in the email that the data breach also exposed customers’ names, dates of birth, nationalities, identity cards and passport information and phone numbers. However, it did not specify the number of customers affected, nor did it estimate the financial impact of the cyber attack. The company said no other information was exposed.
Spanish consumer association OCU recommended that users who receive the email follow Air Europa’s advice and called on the country’s data protection watchdog to investigate when the cyber attack occurred, as the unauthorized use of the exposed cards may predate the company’s alert.
In 2021, the airline was fined for mishandling another breach that affected 489,000 customers in 2018, according to Spanish consumer association OCU. Air Europa reported this incident 41 days after it occurred, while companies are obliged to do so within 72 hours.
The Air Europa data breach comes as London and Madrid-listed International Consolidated Airlines Group seeks approval from antitrust regulators to acquire the remaining 80% stake it does not already own in Air Europa for €400 million (about US$434.5 million).
Source: CisoAdvisor