Delete
An Air Europa plane. R.C.
Major airline in Spain suffers cyber attack which has exposed customers' bank card details
Crime

Major airline in Spain suffers cyber attack which has exposed customers' bank card details

Air Europa has urged passengers to immediately cancel the payment method used for reservations after the serious data breach which includes the complete number of the card, its expiration date and the CVV (three-digit security code)

Melchor Sáiz-Pardo

Madrid

Tuesday, 10 October 2023, 11:01

Opciones para compartir

A major data security breach at Air Europa, Spain's third-largest airline, has exposed the bank card details of a still undetermined number of customers to hackers.

The company itself, in a mass email sent this Tuesday morning (10 October) to numerous passengers who have recently purchased tickets, urges them to immediately cancel their bank cards, since the cyber attackers have obtained the key data to be able to make purchases with those payment systems. It includes the complete number of the card, its expiration date and the CVV (three-digit security code that is requested in online purchases to certify that the user physically has the card in their possession).

Air Europa has asked its customers to immediately contact their bank to cancel the credit card they have used for payments with their company "given the risk of theft and fraud that this incident could entail."

"In order to protect your interests", Air Europa recommends to its affected customers that, after identifying "the card used to make payment(s) on the Air Europa website", they request "the cancellation/cancellation/replacement of that card." card in order to avoid possible fraudulent use of your information.

Air Europa insisted that the data extracted is "exclusively those associated with the cards themselves and not with the customers." "In no case have cybercriminals accessed other Air Europa databases or extracted other types of personal information from customers," the airline stated.

The airline also reminded its customers that "they should not provide personal information, their PIN, name or any other personal data via telephone, message or email, even when someone identifies themselves as their bank" and that they collect "any proof of possible unauthorised use of your card and report it to the police.

"Our systems team confirmed the existence of a cybersecurity problem that would have affected the payment environment with which purchases are managed through the web," explained the airline which is headed by Jesús Nuño de la Rosa.

Security breach blocked

Air Europa said that, for the moment, "there is no evidence that the data breach was used to commit any fraud." And that this was due to the "detection and rapid intervention of the team for the application of the protocol established in our response plan has made it possible to block the security breach and prevent the leak of new data.

"From the first moment we implemented all our resources to contain the incident, adopting all the necessary technical and organisational measures. Thanks to this, we have secured our systems, guaranteeing the correct functioning of the service. Additionally, we have notified the relevant authorities and entities (AEPD, INCIBE, banking entities, etc.)", stated the air operator.

Reporta un error en esta noticia

* Campos obligatorios