Air Europa, one of Spain’s largest airlines, is urging some customers to cancel their payment cards after the information may have been compromised as a result of a recent hack.
In notifications sent to impacted customers, the airline said it recently detected unauthorized access to a system storing payment card data.
The company says hackers may have accessed partial credit card numbers, expiration dates, and CVV codes. No other information appears to have been compromised.
Individuals who receive Air Europa’s email notifications are being advised to identify payment cards used to make purchases on its website, contact the associated bank, and request the card’s cancellation. They have also been advised to keep an eye out for any malicious phone calls, emails or messages.
It’s unclear how many individuals are impacted, but the company said relevant authorities have been notified.
It’s not uncommon for airlines to be targeted by ransomware groups, which often steal sensitive information from compromised systems. In this case, it’s also possible that Air Europa’s payment systems were targeted by cybercriminals who sell credit and debit card data on dark web marketplaces.
SecurityWeek has not seen any mention of Air Europa on the leak websites of major ransomware groups.
The company has not responded to a request for additional information.
Related: Cyberattack Steals Passenger Data From Portuguese Airline
Related: Breached American Airlines Email Accounts Abused for Phishing
Related: United Airlines Says the Outage That Held Up Departing Flights Was Not a Cybersecurity Issue
Related: American Airlines, Southwest Airlines Impacted by Data Breach at Third-Party Provider