Excerpt from BleepingComputer  Article – Published on Oct 10, 2023

Air Europa, Spain’s third-largest airline and a member of the SkyTeam alliance, issued a cautionary notice on Monday urging customers to promptly cancel their credit cards. The airline fell victim to a recent data breach where attackers gained unauthorized access to sensitive card information.

In emails sent to affected individuals, Air Europa disclosed, “We inform you that a cybersecurity incident was recently detected in one of our systems consisting of possible unauthorized access to your bank card data.” The compromised data includes card numbers, expiration dates, and the CVV code, heightening concerns about potential fraudulent activities.

Air Europa assured customers that their systems are now secure, with notifications made to relevant authorities, including AEPD, INCIBE, and banks. However, the airline did not disclose the number of affected customers, the breach date, or when the incident was discovered.

This is not the first time Air Europa faces data protection challenges. In March 2021, the Spanish Data Protection Agency fined the airline €600,000 for breaching the European Union’s General Data Protection Regulation (EU GDPR). The 2021 breach impacted approximately 489,000 individuals, exposing contact and bank account details. Despite the severity, Air Europa classified it as a medium-risk incident, opting not to inform affected individuals.

Customers are now advised to cancel cards used on the airline’s website to mitigate the risk of card spoofing and fraud. Air Europa also emphasized caution against sharing personal information or card PINs and refraining from opening suspicious links in emails or messages related to fraudulent card activities. The airline’s spokesperson has not provided further details on the recent breach at the time of reporting.

To delve deeper into this topic, please read the full article on BleepingComputer.