Spanish airline, Air Europa, has revealed that its online payment system has suffered a cyberattack that left some of its customers’ credit card details exposed.
The affected customers have been alerted, and the relevant financial institutions have been notified. Air Europa did not specify the number of customers affected, nor has the airline estimated the financial impact of the cyberattack.
According to Reuters, the Madrid-based company has announced that no other information was exposed. Possible motives for the breach are still being investigated, with the airline saying that there was “no evidence that the breach was ultimately used to commit fraud”.
An email received by an Air Europa customer advised that the card used to pay on the Air Europa website should be cancelled and replaced to prevent possible fraudulent use of their information, following the incident.
Spain’s Organization of Consumers and Users (OCU) advised users who received the email to follow Air Europa’s instructions, and also called on the country’s data protection watchdog to investigate the timeframe of the cyberattack in case unauthorised use of the exposed cards pre-dated the company’s alert.
This isn’t the first time Air Europa has suffered a breach. The OCU revealed in a statement that the airline was fined in 2021 for mishandling a breach that affected nearly 500,000 customers in 2018. Despite companies being required to report such breaches within three days, Air Europa reported that incident 41 days after it happened.
Air Europa is in the process of being taken over by owner of British Airways, International Consolidated Airlines Group.