Air Europa Breach Exposes Full Credit Card Details

Air Europa, Spain's esteemed airline and a member of the global SkyTeam alliance, has recently been subjected to a severe cyberattack on its online payment system. This breach has exposed the full credit card details of an undisclosed number of its customers, sounding alarms across the cybersecurity community and reigniting concerns over the airline's data protection protocols.

The exposed credit card data encompasses card numbers, expiration dates, and the highly sensitive 3-digit CVV codes. In an email correspondence witnessed by Reuters, the airline explicitly mentioned the possibility of fraudulent use of the exposed information and recommended the cancellation of the affected cards.

Worryingly, this is not the first time Air Europa has found itself in the eye of such a storm. A previous breach in 2018 had jeopardized the data of nearly 489,000 customers. The handling of this previous breach drew criticism and a hefty €600,000 fine from the Spanish Data Protection Agency, as the airline only reported the incident 41 days after the occurrence of the breach. This is in significant violation of the EU's General Data Protection Regulation (GDPR), which mandates reporting of such breaches within 72 hours.

However, the airline moved quickly this time, securing its systems and reaching out to relevant authorities, including the AEPD, INCIBE, and various banks. Customers have been advised not to disclose personal or PIN information to anyone and to remain vigilant against suspicious communications.

Air Europa’s 2018 breach saw the misuse of 4,000 bank cards. Although Air Europa assures that there's no current evidence of the data stolen in the recent breach being misused for fraudulent purposes, history underscores the potential risks involved.

This breach occurs at a transformative period for Air Europa, as the Madrid-based airline is undergoing acquisition proceedings by the British Airways-owner, International Consolidated Airlines Group. It remains to be seen how this incident will influence the airline's standing and the impending takeover.

Industry experts highlight that airlines, due to the vast amounts of data they manage, are attractive targets for cybercriminals. In the wake of these events, there's a renewed call for tightened cybersecurity measures across the aviation sector.

The specific number of affected customers, the exact date of the breach, and other important details remain undisclosed. The Spanish consumer association OCU has urged a thorough investigation and has called upon Spain's data protection watchdog to ascertain the timeline of the cyberattack.