More data compromised in Air Europa breach

A cyberattack claimed Air Europa as its victim last October, exposing customer credit card details. Now, the airline says that more personal information was exposed than it once thought.

The information that may have been leaked includes names, ID cards or passport details, dates of birth, telephone numbers, email addresses, and details surrounding customers' nationality.

An email was sent out by the airline confirming the possible exposure of clients' personal information, Reuters has verified.

Air Europa claims that the company immediately reported the incident to the authorities and its customers so they could take necessary precautions.

"Air Europa continues to implement preventative measures in what is an ongoing process of security innovation given increasing incidents," it said.

The Wall Street Journal first reported the news but cited the statement to the International Consolidated Airlines Group (IAG).

IAG, which has a 20% stake in Air Europa, told Reuters that it "would never email (Air Europa's) customers directly."

The Spanish airline suffered a cyberattack on its online payment system in October 2023, revealing customers' credit card details.

The company recommended that customers cancel any relevant cards used on the Air Europa website to avoid possible fraudulent use of customers' information.

Yet, the airline claims that there was no evidence that the breach was used to commit fraud.

Air Europa didn’t reveal how many customers were affected by the cyberattack at the time and refuted claims that other information had been compromised in the attack.

The airline has now contacted customers to tell them that more personal information may have been exposed in the attack.