A significant data security breach has occurred at Air Europa, Spain's third-largest airline, exposing the bank card details of an undisclosed number of customers to hackers.
The company itself, in a mass email sent on Tuesday, October 10th, to numerous recent ticket purchasers, is urging passengers to take swift action by cancelling their bank cards.
The reason behind this urgent call is that cyber attackers have obtained critical payment data, including the complete card number, expiration date, and CVV (the three-digit security code used to verify card possession during online purchases).
Air Europa has made a direct request to its customers, emphasising the immediate need to contact their banks to cancel the credit cards used for transactions with the airline. The primary concern is to mitigate the risk of theft and potential fraudulent activities arising from this security incident.
In Air Europa's own words, "In order to protect your interests," they recommend affected customers to identify "the card used to make payment(s) on the Air Europa website" and request "the cancellation/cancellation/replacement of that card." This proactive measure aims to prevent any illicit use of their personal information linked to the breach.
The airline is keen to assure its customers that the compromised data solely pertains to the cards themselves and not any personal customer information. As stated by Air Europa, "In no case have cybercriminals accessed other Air Europa databases or extracted other types of personal information from customers."
Air Europa also issues a cautionary reminder to its customers not to disclose personal information, including PINs, names, or any other sensitive data, through telephone calls, messages, or emails, even if the request appears to be from their bank. Customers are encouraged to document any evidence of potential unauthorised card usage and report it to the police.
Explaining the situation, Air Europa's statement notes, "Our systems team confirmed the existence of a cybersecurity problem that would have affected the payment environment with which purchases are managed through the web."
Importantly, Air Europa has found no evidence, at least for the time being, that the data breach was used for fraudulent activities. This positive outcome is attributed to the prompt detection and intervention of the team responsible for implementing their response plan. Their quick actions successfully blocked the security breach and prevented further data leaks.
Air Europa asserts, "From the first moment we implemented all our resources to contain the incident, adopting all the necessary technical and organizational measures. Thanks to this, we have secured our systems, guaranteeing the correct functioning of the service. Additionally, we have notified the relevant authorities and entities (AEPD, INCIBE, banking entities, etc.)"
Air Europa's commitment to addressing the breach responsibly underscores their dedication to ensuring customer data protection and security.
Source: Sur In English - 20minutos
Image Credit: Alan Wilson, CC BY-SA 2.0, via Wikimedia Commons
Updated: January 22, 2024 CET