Air Europa, Spain’s third-largest airline, is notifying customers that cyber criminals have hacked its web portal to steal credit card information, including CVV numbers.
“Our systems team confirmed the existence of a cybersecurity problem that would have affected the payment environment with which purchases are managed through the web,” the airline explains in a security memo issued to customers via email.
The notice doesn’t mention the number of people affected, nor when the hack occurred exactly.
According to reports, the data exposed in the breach includes card numbers, expiration dates, and the three-digit security code (CVV/CVC) used to authorize online payments.
The airline urges affected customers to contact their bank and ask to cancel their credit or debit card “to prevent possible fraudulent use.” It also warns customers to keep an eye out for unsolicited emails or phone calls asking them to click links or give out personal information or card PINs.
“The detection and rapid intervention of the team to apply the protocol established in our response plan has made it possible to block the security breach and prevent the leak of new data,” the company adds.
Air Europa said it has seen no evidence of malicious use of the stolen data (i.e. fraud).
This is not the first time the Spanish airline has mishandled user data. In 2021, the company was fined €600,000 for violating EU data protection laws after suffering a breach that resulted in unauthorized access to contact and bank account details of almost 500,000 customers.
Bitdefender Digital Identity Protection scans the web for unauthorized leaks of your personal data, monitoring if your accounts are exposed and making it easy to take action before disaster strikes. Bitdefender Total Security not only combats malware attacks, but can also protect you from socially-engineered scams and fraud attempts by leveraging anti-fraud and anti-phishing technologies.
tags
Filip has 15 years of experience in technology journalism. In recent years, he has turned his focus to cybersecurity in his role as Information Security Analyst at Bitdefender.
View all postsDecember 24, 2024
December 19, 2024
November 14, 2024