A leading Spanish airline has told some of its customers to cancel their payment cards after revealing their details were compromised in a data breach.
Angry customers took to X (formerly Twitter) to share emails sent by Air Europa in Spanish and English. It explained that their long card number, CVV number and expiry date were “recently” compromised following the discovery of unauthorized access in “one of our systems” – although it failed to specify which.
“Given the risk of card spoofing and fraud that this incident could entail, and in order to protect your interests, we recommend that you … request the cancellation/replacement of that card in order to prevent possible fraudulent use of your information,” the email continued.
There’s no word from the airline on how many customers may have been impacted and the potential financial fallout from the breach, according to Reuters.
However, an Air Europa statement sent to the newswire claimed: “There is no evidence that the breach was ultimately used to commit fraud.”
That would seem to be wishful thinking.
Read more on airline breaches: Breach at Indian Airline Affects 1.2 Million Passengers
It’s unclear how the hackers managed to compromise Air Europa’s systems, although given the focus on card data it may have been a Magecart attack. As reported by Infosecurity yesterday, digital skimming raids are becoming increasingly sophisticated.
Pedro Fortuna, CTO and co-founder of Jscrambler, argued that organizations should layer up defenses to reduce the likelihood of breaches.
“Companies must prioritize proactive and robust cybersecurity measures to mitigate the risk of data breaches before they happen, by monitoring their full infrastructure for vulnerabilities, conducting regular security assessments and staying up to date with the latest news,” he added.
Air Europa has been in trouble before: it was fined €600,000 after failing to notify customers of a 2021 breach involving about half a million of them.
Editorial image credit: dhvstockphoto / Shutterstock.com