Weekly Newsletter

13 October 2023

Weekly Newsletter

13 October 2023

Air Europa suffers credit card data breach

The airline confirmed customers' credit card information had been leaked after a security issue in its "payment gateway".

Noah Bovenizer October 10 2023

Spanish airline Air Europa has confirmed to Airport Technology a cybersecurity breach occurred within its payment gateway, allowing the credit card data of some of its customers to be accessed. 

The latest breach occurred just two years after Air Europa was fined €600,000 for a previous data breach involving customer details.

Though the company did not confirm how many people were affected by the leak or what the exact cause was, it said the data was not associated with customers' other data and only related to the cards themselves. 

A spokesperson told Airport Technology: “Our IT team confirmed the existence of a cybersecurity problem that would have affected the payment gateway used to manage purchases through our website. This fraudulent alteration of the payment process would have allowed the leak of credit card data. 

“There is no evidence that this leak was ultimately used to commit any fraud. The detection and rapid intervention of the team for the deployment of the protocol established in our Response Plan has allowed us to block the security breach and prevent the leakage of new data.” 

In addition to informing customers, which led to many posting online about their experience, the company said it notified the relevant authorities and financial institutions “in due time and form” before Air Europa had publicly confirmed the leak. 

https://twitter.com/stugalek/status/1711637636639555808

The airline is the third biggest in Spain, with routes to over 130 destinations around the world. The company is currently in the process of acquisition by the International Airline Group which also owns the Spanish flag-carrier airline Iberia. 

In 2021 Air Europa was fined €600,000 for a "security breach" which led to a huge data loss involving customer details.

The Spanish Data Protection Authority (AEPD) said the failure allowed "unauthorised access to contact details and bank accounts, affecting approximately 489,000 individuals and 1,500,000 data records."

On top of a €500,000 fine for breaching General Data Protection Regulation (GDPR) rules on protecting clients' data, the airline was fine €100,000 for a delay of more than 41 days before it notified the AEPD.

The latest leak comes soon after two other major airlines, Southwest and American, reported a data breach from a third-party recruitment software company that affected thousands of pilot and cadet applicants.

Cybercriminals are attracted to a wealth of personal data making the travel sector a prime target

The T&T sector is becoming increasingly digitalized, embracing emerging technologies such as AI, IoT, and cloud. As the digital ecosystems of companies grow, they become more vulnerable to cyberattacks. The industry is fragmented, thereby increasing the number of potential entry points for attackers to exploit. Per GlobalData estimates, cybersecurity revenues in the T&T sector are forecasted to reach $3.5 billion by 2026.

Newsletters by sectors

close

Sign up to the newsletter: In Brief

Visit our Privacy Policy for more information about our services, how we may use, process and share your personal data, including information of your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.

Thank you for subscribing

View all newsletters from across the GlobalData Media network.

close