Spanish airline Air Europa, the nation’s third-largest airline and a member of the SkyTeam alliance, warned prospects on Monday to cancel their bank cards after attackers accessed their card data in a latest data breach.
“We inform you {that a} cybersecurity incident was lately detected in one in all our methods consisting of potential unauthorized entry to your financial institution card knowledge,” Air Europa mentioned in emails despatched to affected people and seen by BleepingComputer.
“Now we have secured our methods, guaranteeing the proper functioning of the service. Moreover, we’ve got made the due notifications to the competent authorities and vital entities (AEPD, INCIBE, banks, and so forth.).”
The bank card particulars uncovered within the breach embody card numbers, expiration dates, and the 3-digit CVV (Card Verification Worth) code on the again of the fee playing cards.
Air Europa additionally warned affected prospects to ask their banks to cancel their playing cards used on the airline’s web site as a result of “the chance of card spoofing and fraud” and “to stop potential fraudulent use.”
Prospects had been additionally suggested to not present their private data or card PINs to anybody contacting them over the cellphone or by way of e mail and to not open any hyperlinks in emails or messages warning them of fraudulent operations involving their playing cards.
Variety of affected prospects stays unknown
The corporate has but to disclose what number of of its prospects had been affected by the data breach, the date its methods had been breached, and when the incident was detected.
An Air Europa spokesperson was not obtainable for remark when contacted by BleepingComputer earlier at this time.
Two years in the past, in March 2021, the Spanish Data Safety Company (DPA) additionally fined €600,000 the airline for violations of the European Union’s Basic Data Safety Regulation (EU GDPR) and for notifying the privateness watchdog of the data breach greater than 40 days later.
The 2021 data breach affected roughly 489,000 people, with the attackers having access to their contact and checking account particulars (card numbers, expiration dates, and CVV codes) saved in 1,500,000 knowledge information.
Whereas criminals used round 4,000 financial institution playing cards’ knowledge in fraudulent actions, Air Europa categorised the breach as a medium-risk incident and selected to not inform the affected people.