Pierluigi Paganini October 11, 2023

Airline Air Europa disclosed a data breach and warned customers to cancel their credit cards after threat actors accessed their card information.

Air Europa is a Spanish airline and a subsidiary of the Globalia Corporation. It operates as a full-service carrier, providing passenger and cargo services to various destinations, both domestic and international.

Air Europa has disclosed a data breach and issued a warning to its customers, advising them to cancel their credit cards due to unauthorized access by threat actors to their card information.

The company hasn’t revealed the number of impacted customers.

Financial data exposed in the security incident includes credit card details (card numbers, expiration dates, and the CVV (Card Verification Value) code).

“A cybersecurity incident was detected in one of our systems and consists of unauthorized access to your bank card data, specifically the following information:

• The number of the credit card that ends with XXX•
• The expiration data of the said card.
• The CVV of the card

From the first moment, we have engaged all our resources to contain the incident, adopting all the necessary technical and organizational measures. Thanks to this, we have secured our systems, guaranteeing the operations. Additionally, we have notified the competent authorities and necessary entities.”

Air Europa’s customers are recommended to remain vigilant, threat actors can use the compromised information in spear-phishing attacks and other fraud schemes.

In 2021 Air Europa had been fined €600,000 for a data breach that took place in 2018 and that affected 489,000 customers. The company failed to disclose the incident within 72 hours required under the European GDPR regulation, it took more than 40 days after it occurred.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Air Europa)