In a cyber attack on the online payment system of the Spanish airline Air Europa, attackers stole some customers’ credit card details. The airline explains this in a letter to affected customers. She has not yet said how many customers are affected by the cyber attack or what financial impact this attack could have.
According to Air Europa, there is so far no evidence that the credit card data copied in the cyberattack was used fraudulently, reports Reuters. At the same time, the airline strongly recommends replacing the credit cards with the issuing bank to avoid possible fraud attempts. In addition, Air Europa says it has informed the affected banks and the responsible authorities.
Extensive credit card data stolen
The stolen customer data includes the credit card number, the expiration date and the three-digit security code (Card Verification Value, CVV) printed on the back of the card, which is used to verify online orders. Air Europa warns affected customers not to provide any personal information or PIN numbers to strangers if they are contacted by telephone or email. You should also not access links in emails or direct messages, even if they warn of possible credit card fraud.
Air Europa has not yet explained when the cyberattack occurred or when it was discovered. Spanish companies are required to report any attacks within 72 hours. The Spanish consumer and customer protection organization “Organización de Consumidores y Usuarios” (OCU) is calling on the supervisory authorities to investigate, as possible fraud attempts could have already taken place before the airline’s warning.
Airline fined for earlier cyberattack
Back in March 2021, Air Europa was fined 600,000 euros by the Spanish data protection authority because the airline did not report a cyber attack to regulators until 41 days later. Air Europa recognized the hacking and malware attack on October 17, 2018, but did not inform the authorities until November 27 of that year, as the data protection authority writes.
Although 489,000 people were affected by the cyber attack at the time, in which customer and bank details were stolen, only 4,000 bank cards were said to have been used for possible fraud attempts. The airline therefore classified the 2018 attack as medium risk and refrained from warning customers, unlike in the most recent case.
To the homepage
#Credit #card #details #exposed #cyber #attack #Spanish #Air #Europa