Infiltration via web browsing technique
The recent cyber incident targeting Air Europe appears to involve hackers of Russian origin who accessed internal resources at the airline’s headquarters on the island of Mallorca. The intrusion reportedly took place over a period in September, affecting parts of the airline’s digital ecosystem and exposing sensitive data stored on its servers in Llucmajor.
Security experts indicate that information from approximately 100,000 customer debit cards was compromised. The affected data includes card numbers, expiration dates, and the three verification digits used for processing payments. After identifying the breach, Air Europe notified cardholders by email and prompted immediate card cancellation, though no direct accusations of wrongdoing were confirmed at that time. The incident is connected to a broader Russian cyberattack on the airline’s server infrastructure located in Mallorca.
The company advised customers to follow a sequence of precautionary steps to mitigate fraudulent activity. The guidance emphasized validating the card used for purchases on the airline’s site and coordinating with the issuing bank for cancellation, replacement, or reissue of the card to guard against misuse. Banks across the Balearic Islands received a surge of inquiries from concerned Air Europe customers regarding the breach and the recommended actions. Some affected individuals reported that card replacement could incur a small processing fee.
On the broader security front, Air Europe reportedly engaged Deloitte to conduct an assessment, a move that underscores the importance of external expertise in handling large-scale incidents. In 2018 the airline had faced penalties related to a prior security lapse, highlighting the ongoing challenge of safeguarding digital assets in the travel sector. The current breach led to the detection of fraudulent activity involving a subset of four thousand cards, representing less than one percent of the total compromised set.
Analysts interviewed by El Confidencial describe a web browsing attack technique. This method involves unauthorized access to a company’s servers and manipulation of the webpage that collects payment information. The altered page appears legitimate while silently sending payment data to the attacker’s server in real time. The attacker is then able to monetize the stolen information through various channels. Experts emphasize that the breach could be used for blackmail or sold on illicit markets, increasing the risk of further fraud. The Financial Users Association also weighed in, cautioning that stolen payment details remain a valuable commodity for criminals.
The Balearic Health Service incident as a reference point
The Mallorcan health system experienced a significant cyber event that set a precedent for later breaches. The Balearic Health Service disclosed that between late December 2021 and early February 2022 a substantial volume of patient information was affected, including consent forms, treatment records, and administrative documents connected to procedures and diagnostic tests. Although the attack did not compromise all records, the exposure prompted a substantial response, including a government commitment to enhance cybersecurity measures and direct outreach to roughly 30,000 affected users to verify and secure their data. The event demonstrated the potential for large-scale cyber operations to disrupt health services and the importance of rapid remediation and support for those impacted. In response, authorities allocated funds to strengthen digital defenses within the Servei de Salut and pursued a targeted notification program for affected individuals to ensure data integrity and patient safety. This broader context helps explain why recent security incidents in the region have heightened awareness and prompted tighter controls across critical public and private sectors. [Citation: El Confidencial, Deloitte report, and regional authorities updates]