Data breaches are happening everywhere. Threat actors have been infiltrating all sorts of organizations lately, but there’s no denying that one department seems to be constantly targeted – Airlines. A couple of weeks ago, an unauthorized party managed to infiltrate Air Canada. And now, Air Europa takes the spotlight with a breach of its own.
Airline Europa is a member of the SkyTeam Alliance and Spain’s third-largest airline, which gives an idea about how crucial this breach is. What makes it worse is that this time around, credit card details are exposed.
This is not the first time a breach has occurred within Air Europa’s systems. In fact, it’s also not the first time credit cards were accessed. How did this happen? What did the Airline do about it? Here’s everything we know.
Air Europa Breached: A High-Risk Incident
High-profile companies have been suffering cyberattacks for quite some time now, losing a lot in the process.
When a huge organization gets infiltrated, threat actors tend to harvest crucial data, which can aid them in future attacks on the affected parties.
Recently, Airlines around the world have been constant targets for cybercriminals. We mentioned that Air Canada was the latest, but before that, American Airlines and Indian Airlines – Akasa Air witnessed the same fate.
Unfortunately, unlike the latter, Air Europa’s breach exposed credit card information. The company sent emails to the affected individuals, warning them about the risk of card spoofing and fraud.
As a result, Air Europa urged everyone to cancel their credit cards immediately in order to prevent possible fraudulent use.
“At AIR EUROPA we are committed to the security and privacy of our customers. In light of this, we work daily to apply the best practices in the sector and comply with current regulations.
In accordance with this commitment, we inform you that a cybersecurity incident was recently detected in one of our systems consisting of possible unauthorized access to your bank card data, specifically the following:
• The number of the bank card ending in 9004.
• The expiration date of that card.
• The CVV of the card.
From the first moment we have put all our resources to contain the incident, adopting all the necessary technical and organizational measures.
Thanks to this, we have secured our systems, guaranteeing the correct functioning of the service. Additionally, we have made the due notifications to the competent authorities and necessary entities (AEPD, INCIBE, banks, etc.).Source: Air Europa
Note that this is not the first breach Air Europa had to go through. In fact, the company was fined €600,000 by the Spanish Data Protection Agency (DPA) back in 2021 for violating EU GDPR.
Back then, threat actors accessed bank accounts and used them in malicious activity, while Air Europa deemed the attack as medium-risk and decided not to inform affected individuals.
Not Your Average Mid-Risk Incident
Back in 2021, Air Europa suffered a breach and didn’t inform its customers. Now, the situation is different, but the results are the same – threat actors managed to steal credit card details.
The company is urging everyone to cancel their credit cards to prevent any future damage. We highly recommend that as well.
Cybercriminals can use your credit card for all sorts of malicious practices. Be careful and remain vigilant. Don’t share any personal information with anyone who contacts you via email or phone calls.