We review vendors based on rigorous testing and research but also take into account your feedback and our affiliate commission with providers. Some providers are owned by our parent company.
Learn more
vpnMentor was established in 2014 to review VPN services and cover privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.
Advertising Disclosure

vpnMentor was established in 2014 to review VPN services and cover privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.

Air Europa Breach Exposes Full Credit Card Details

Air Europa Breach Exposes Full Credit Card Details
Author Image Zane Kennedy
Zane Kennedy Published on 13th October 2023 Cybersecurity Researcher

Air Europa, Spain's esteemed airline and a member of the global SkyTeam alliance, has recently been subjected to a severe cyberattack on its online payment system. This breach has exposed the full credit card details of an undisclosed number of its customers, sounding alarms across the cybersecurity community and reigniting concerns over the airline's data protection protocols.

The exposed credit card data encompasses card numbers, expiration dates, and the highly sensitive 3-digit CVV codes. In an email correspondence witnessed by Reuters, the airline explicitly mentioned the possibility of fraudulent use of the exposed information and recommended the cancellation of the affected cards.

Worryingly, this is not the first time Air Europa has found itself in the eye of such a storm. A previous breach in 2018 had jeopardized the data of nearly 489,000 customers. The handling of this previous breach drew criticism and a hefty €600,000 fine from the Spanish Data Protection Agency, as the airline only reported the incident 41 days after the occurrence of the breach. This is in significant violation of the EU's General Data Protection Regulation (GDPR), which mandates reporting of such breaches within 72 hours.

However, the airline moved quickly this time, securing its systems and reaching out to relevant authorities, including the AEPD, INCIBE, and various banks. Customers have been advised not to disclose personal or PIN information to anyone and to remain vigilant against suspicious communications.

Air Europa’s 2018 breach saw the misuse of 4,000 bank cards. Although Air Europa assures that there's no current evidence of the data stolen in the recent breach being misused for fraudulent purposes, history underscores the potential risks involved.

This breach occurs at a transformative period for Air Europa, as the Madrid-based airline is undergoing acquisition proceedings by the British Airways-owner, International Consolidated Airlines Group. It remains to be seen how this incident will influence the airline's standing and the impending takeover.

Industry experts highlight that airlines, due to the vast amounts of data they manage, are attractive targets for cybercriminals. In the wake of these events, there's a renewed call for tightened cybersecurity measures across the aviation sector.

The specific number of affected customers, the exact date of the breach, and other important details remain undisclosed. The Spanish consumer association OCU has urged a thorough investigation and has called upon Spain's data protection watchdog to ascertain the timeline of the cyberattack.

About the Author

Zane is a Cybersecurity Researcher and Writer at vpnMentor. His extensive experience in the tech and cybersecurity industries provides readers with accurate and trustworthy news stories and articles. He aims to help individuals protect themselves through informative content and awareness of cybersecurity's crucial role in today's digital landscape.