Air Europa, the Spanish airline, revealed a cybersecurity incident where customer data might have been compromised in an event detected in October of the previous year. The data breach potentially exposed sensitive information such as names, ID card or passport details, dates of birth, phone numbers, email addresses, and nationalities, raising concerns about privacy and security. Despite the disclosure to customers via email, uncertainties loom as investigations continue into the scope and impact of the breach on affected individuals.
The Wall Street Journal reported the incident but attributed the statement to the International Consolidated Airlines Group (IAG), which holds a significant stake in Air Europa. In response to the disclosure, IAG clarified that it would not directly contact Air Europa customers, pointing to potential complexities in communication channels within the aviation conglomerate. This incident adds to Air Europa’s cyber woes, as a previous attack on its online payment system led to the exposure of credit card details, highlighting the vulnerabilities in their digital infrastructure.
Notably, the breach comes amidst ongoing negotiations between IAG and Spain’s Globalia for the acquisition of the remaining 80% stake in Air Europa, a deal amounting to 400 million euros. The timing of this breach raises concerns about data security practices during transitional phases within the airline industry. The evolving situation underscores the significance of robust cybersecurity measures and transparency in communication to mitigate risks and reassure customers of the safety of their personal information.
