Air Europa Announces Potential Compromise of Customer Data

Air Europa, a prominent Spanish airline, has announced a potential compromise of its customers’ data following a security incident detected in October of the previous year.

This incident has raised alarms over the safety of personal information in the aviation sector, prompting a swift response from the company and its stakeholders.

Data Breach Details

The breach was first detected in October, and subsequent investigations by Air Europa have revealed that a significant amount of personal customer data may have been exposed.

According to an email sent to its customers, Reuters later saw that the compromised data included sensitive information such as names, ID card or passport details, dates of birth, telephone numbers, email addresses, and nationalities.


Free Webinar : Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities. :

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

AcuRisQ, which helps you to quantify risk accurately:

This incident marks a significant concern for Air Europa customers, as malicious entities could potentially misuse the leaked information.

Company Response

Upon detecting the breach, Air Europa acted promptly, reporting the incident to the relevant authorities and notifying its customers to take necessary precautions.

The airline has emphasized its commitment to security: “Air Europa continues to implement preventative measures in what is an ongoing process of security innovation given increasing incidents.”

This statement reflects the airline’s dedication to enhancing its security measures in response to the growing threat of cyber attacks.

Air Europa recently confirmed that it suffered a data breach in October, which may have compromised its customers’ data, as USNews reported.

IAG’s Statement

The Wall Street Journal, which first reported the news, attributed a statement to the International Consolidated Airlines Group (IAG), which holds a 20% stake in Air Europa.

IAG clarified its position by telling Reuters that it “would never email (Air Europa’s) customers directly.”

This response highlights the complex relationship between Air Europa and its stakeholders and the coordinated effort to address the breach.

A cybersecurity researcher, Troy Hunt, recently tweeted that AirEuropa started sending breach notifications for security incidents last year.

Previous Cyber Attack

This is not the first time Air Europa has faced a cyber security challenge.

In October, the airline suffered an attack on its online payment system, exposing some customers’ credit card details.

Although the company stated that no other information was compromised, the number of affected customers was not disclosed.

This previous incident underscores the ongoing cyber security challenges faced by Air Europa and the aviation industry.

The potential compromise of customer data at Air Europa serves as a stark reminder of the vulnerabilities present in the aviation sector’s digital infrastructure.

As the company and its stakeholders, like IAG, navigate through the aftermath of this incident, the focus on enhancing cyber security measures has never been more critical.

With the airline industry increasingly relying on digital technologies, protecting customer data must be a top priority to maintain trust and ensure the safety of personal information.

Stay updated on Cybersecurity news, Whitepapers, and Infographics. Follow us on LinkedIn & Twitter.

Divya is a Senior Journalist at Cyber Security news covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.