Air Europa customers urged to cancel cards following hack on payment system

Customers of Spanish airline Air Europa were on Tuesday advised by the company to cancel their credit cards following a cyberattack affecting its online payment system.

The company, based on the island of Mallorca, did not announce how many customers were affected nor when the attack took place.

In a statement reported by Reuters, the airline said: “There is no evidence that the breach was ultimately used to commit fraud.” There was no information about the nature or source of the cyberattack.

Affected customers are being emailed by the airline, as are relevant financial institutions. Customers are warned that any bank cards used to pay on its website should be canceled and replaced “to prevent possible fraudulent use of your information.”

Air Europa had previously been fined in 2021 for mishandling another data breach, dating back to 2018, affecting 489,000 customers.

In that incident the company only reported the breach 41 days after it occurred, well outside of the 72 hours required under the European Union’s GDPR legislation.

2018 was a bumper year for data breaches affecting airlines, with the United Kingdom’s British Airways being initially issued a record £183 million ($224 million) fine for an incident involving payment card and personal data. The penalty was subsequently dropped to £20 million ($24.5 million).