Air Europa, a Spanish airline, has experienced a cyberattack on its online payment system, resulting in the exposure of some customers' credit card details, the company announced on Tuesday. Customers whose credit card information was compromised were contacted via email and the relevant financial institutions were informed.
.gif)
The airline did not provide details on the number of customers affected or the financial implications of the cyberattack. The company assured that no other data was compromised. The airline stated that there is no evidence to suggest that the breach led to any fraudulent activities.
An email sent to an Air Europa customer, which was viewed by Reuters, recommended canceling and replacing the card used for payment on the Air Europa website to avoid potential fraudulent use of their information following the incident. The Spanish consumer association OCU advised users who received the email to heed Air Europa's advice and urged Spain's data protection watchdog to investigate when the cyberattack took place as unauthorized use of the exposed cards could have occurred before the company's alert.
In 2021, Air Europa was penalized for mishandling another breach in 2018 that affected 489,000 customers, according to a statement by OCU. The airline reported that incident 41 days after it occurred, despite companies being required to report such incidents within 72 hours. Air Europa, based in Madrid, is currently undergoing a takeover by International Consolidated Airlines Group, the owner of British Airways.
