Mallorca-based airline, Air Europa, has suffered a data leak that has exposed the payment information of its customers.
The airline email affected customers on October 10 to inform them that their payment data may have been accessed during the cyber attack. This was despite the cyber attack allegedly happening 41 days previously, on August 28.
According to the airline, the cyber security incident was discovered following the detection of suspicious activity on one of its systems. It has not yet been made public how many people were impacted by the data leak.
Information exposed in the hack includes customer’s credit card numbers, expiration dates and CCV codes, despite the storing of CCV codes being against Payment Card Industry Data Security Standard (PCI DSS) regulations. These regulations are required to be put in place to create a secure environment to process, store, accept or transmit payment card information. Violation of these regulations can result in fines or other penalties.
Due to the nature of the data exposed, Air Europa urged all those who had used a credit card to pay for flights to cancel the card “to prevent possible fraudulent use of your information”, although the airline also stated that there was no evidence that the breach had been “ultimately used to commit fraud”.
The airline also stated that no other personal information had been exposed in the data breach, and that it had informed the relevant authorities.