Security Affairs
Security Affairs newsletter Round 584 by Pierluigi Paganini – INTERNATIONAL EDITION|U.S. Government Agency Paid $1M to Data Extortion Group Kairos|FBI: TeamPCP Compromised Dev Tools to Steal Cloud Credentials|Pegasus Used Against MEP Investigating Pegasus, Citizen Lab Finds|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Security Affairs newsletter Round 584 by Pierluigi Paganini – INTERNATIONAL EDITION|U.S. Government Agency Paid $1M to Data Extortion Group Kairos|FBI: TeamPCP Compromised Dev Tools to Steal Cloud Credentials|Pegasus Used Against MEP Investigating Pegasus, Citizen Lab Finds|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Air Europa data breach exposed customers’ credit cards

Airline Air Europa disclosed a data breach and warned customers to cancel their credit cards after threat actors accessed their card information. Air Europa is a Spanish airline and a subsidiary of the Globalia Corporation. It operates as a full-service carrier, providing passenger and cargo services to various destinations, both domestic and international. Air Europa […]

Data breach notification

Source Twitter

Airline Air Europa disclosed a data breach and warned customers to cancel their credit cards after threat actors accessed their card information.

Air Europa is a Spanish airline and a subsidiary of the Globalia Corporation. It operates as a full-service carrier, providing passenger and cargo services to various destinations, both domestic and international.

Air Europa has disclosed a data breach and issued a warning to its customers, advising them to cancel their credit cards due to unauthorized access by threat actors to their card information.

The company hasn’t revealed the number of impacted customers.

Data breach notification
Source: Twitter

Financial data exposed in the security incident includes credit card details (card numbers, expiration dates, and the CVV (Card Verification Value) code).

“A cybersecurity incident was detected in one of our systems and consists of unauthorized access to your bank card data, specifically the following information:

  • The number of the credit card that ends with XXX•
  • The expiration data of the said card.
  • The CVV of the card

From the first moment, we have engaged all our resources to contain the incident, adopting all the necessary technical and organizational measures. Thanks to this, we have secured our systems, guaranteeing the operations. Additionally, we have notified the competent authorities and necessary entities.”

Air Europa’s customers are recommended to remain vigilant, threat actors can use the compromised information in spear-phishing attacks and other fraud schemes.

In 2021 Air Europa had been fined €600,000 for a data breach that took place in 2018 and that affected 489,000 customers. The company failed to disclose the incident within 72 hours required under the European GDPR regulation, it took more than 40 days after it occurred.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Air Europa)