Network Security
Vulnerability Management
Privileged Access Management
Endpoint Security
Threat Hunting
Unified Endpoint Management
Email & Collaboration Security
Contents:
Threat actors got unauthorized access to customers` credit card information due to Air Europa data breach. The Spanish airline urged its impacted clients to cancel their credit cards in order to limit potential damage. It is still unknown how many people had their financial data exposed in this cyberattack.
More about the Air Europa Data Breach
In their emails to affected customers, according to BleepingComputer, Air Europa revealed that:
Our systems team confirmed the existence of a cybersecurity problem that would have affected the payment environment with which purchases are managed through the web.
The company gave no details about when the breach happened. However, they advised clients to cancel all credit or debit cards that they used for payments on the Air Europa website.
Also, they warned customers not to reveal any of their other personal data through telephone, message, or email. Additionally, they should check carefully with their bank any messages containing links that warn about fraudulent operations.
The financial data that hackers got access to are:
- card numbers,
- expiration dates,
- the 3-digit CVV (Card Verification Value) codes.
So, Air Europa`s customers risk card spoofing and financial fraud.
Air Europa`s message to impacted customers, as posted on FlyerTalk forum
Data Breach Impacting Customers Reloaded
Air Europa is Spain’s third-largest airline. Two years ago, in March 2021, the company suffered the consequences of another data breach that resulted in financial data leakage. The cyberattack had happened in 2018 and impacted 489,000 customers.
On that occasion, the Spanish Data Protection Agency (DPA) fined the airline €600,000 for failing to notify the European Union’s General Data Protection Regulation (EU GDPR) in time. The reason was Air Europa announcing the data breach after 40 days instead of the reglementary 72 hours.
How to Protect Sensitive Data
Cyberattacks and system breaches happen all the time. Although security teams can`t always block them in time, there are some data security measures that should be in place. To keep safe from data breaches, apply the following prevention measures:
- Protect sensitive data by using data encryption.
- Use DNS filtering to block all malicious communication. This will prevent hackers from accessing or exfiltrating data out of your system.
- Don`t postpone updates. Use an automated patch management solution to patch all software on all devices in time. Threat actors frequently exploit unpatched known vulnerabilities to breach companies` systems.
- Go through an endpoint security best practices checklist, to make sure all devices that connect to the organization`s network are clean.
- Educate employees regarding the importance of using a strong password and the ways to identify phishing emails.
If you liked this article, follow us on LinkedIn, Twitter, Facebook, and Youtube, for more cybersecurity news and topics.
