Spanish airline Air Europa has confirmed to Airport Technology a cybersecurity breach occurred within its payment gateway, allowing the credit card data of some of its customers to be accessed.
The latest breach occurred just two years after Air Europa was fined €600,000 for a previous data breach involving customer details.
Though the company did not confirm how many people were affected by the leak or what the exact cause was, it said the data was not associated with customers’ other data and only related to the cards themselves.
A spokesperson told Airport Technology: “Our IT team confirmed the existence of a cybersecurity problem that would have affected the payment gateway used to manage purchases through our website. This fraudulent alteration of the payment process would have allowed the leak of credit card data.
“There is no evidence that this leak was ultimately used to commit any fraud. The detection and rapid intervention of the team for the deployment of the protocol established in our Response Plan has allowed us to block the security breach and prevent the leakage of new data.”
In addition to informing customers, which led to many posting online about their experience, the company said it notified the relevant authorities and financial institutions “in due time and form” before Air Europa had publicly confirmed the leak.
How well do you really know your competitors?
Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.
Your download email will arrive shortly
Not ready to buy yet? Download a free sample
We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below formBy GlobalData
The airline is the third biggest in Spain, with routes to over 130 destinations around the world. The company is currently in the process of acquisition by the International Airline Group which also owns the Spanish flag-carrier airline Iberia.
In 2021 Air Europa was fined €600,000 for a “security breach” which led to a huge data loss involving customer details.
The Spanish Data Protection Authority (AEPD) said the failure allowed “unauthorised access to contact details and bank accounts, affecting approximately 489,000 individuals and 1,500,000 data records.”
On top of a €500,000 fine for breaching General Data Protection Regulation (GDPR) rules on protecting clients’ data, the airline was fine €100,000 for a delay of more than 41 days before it notified the AEPD.
The latest leak comes soon after two other major airlines, Southwest and American, reported a data breach from a third-party recruitment software company that affected thousands of pilot and cadet applicants.