Spanish airline Air Europa has experienced a cyberattack on its online payment system, resulting in the exposure of certain customers’ credit card information, the company reported on October 10th.
Furthermore, while the airline promptly contacted affected customers and informed relevant financial institutions, it refrained from disclosing the exact number of impacted individuals or estimating the financial repercussions of the breach. Fortunately, Air Europa asserts that no other sensitive information was compromised, and there is no evidence suggesting that the breach was used for fraudulent purposes.
Nonetheless, customers whose credit card details were affected received an advisory email recommending the cancellation and replacement of their payment cards to prevent potential misuse of their information.
At the same time, in response to the incident, the Spanish consumer association OCU has endorsed Air Europa’s advice and urged the country’s data protection watchdog to investigate the timing of the cyberattack.
Additionally, the concern arises from the possibility of unauthorized use of the exposed credit cards predating the company’s alert. This security breach follows a previous incident in 2018, where Air Europa faced fines for delayed reporting. In that instance, the airline reported the breach 41 days after it occurred, violating the requirement for companies to do so within 72 hours. Additionally, it’s important to note that Air Europa is currently in the process of being acquired by the International Consolidated Airlines Group (ICAG.L), adding a layer of complexity to the situation.