Air Europe disclosed a cybersecurity incident that exposed customer information, including data linked to bank payments. The company told El Periódico de Catalunya, part of the Prensa Ibérica group, that users reported issues on social media. The leaked data reportedly included card numbers, expiration dates, and CVV codes.
A member of Air Europe’s security team confirmed a vulnerability in the online payment system used for ticket purchases. The problem appeared to relate to the payment flow and the possible extraction of credit card details. Airline sources said there was no evidence the leak had been used for fraudulent transactions, though the incident prompted reviews of payment processes within the organization.
The Hidalgo family group, which owns Air Europe, emphasized a policy of rapid detection and response. This stance aligns with the airline’s established protocol to protect payment channels and prevent further data exposure.
The airline stated that, to date, there is no evidence that the affected data has been used for fraud. Operations reportedly continued normally and service security was described as guaranteed. Passengers could continue purchasing tickets on the official site with a sense of normalcy, while investigations were ongoing.
via email
Air Europe advised customers to contact their banks to cancel the credit cards used for airline payments. A warning message was sent to users about the risk of card fraud and related threats tied to the incident.
The company urged customers to follow protective steps to safeguard their interests. In the email obtained for this report, the airline outlined preventive measures aimed at reducing the risk of fraudulent use of banking information. It recommended identifying the card used for payments on the airline’s website and contacting the bank to cancel, replace, or reissue that card to prevent possible misuse.
The airline also urged caution: do not disclose personal information, PINs, full names, or other data over phone calls, texts, or emails, even if the caller claims to represent a banking institution. Do not click on links that claim to notify users of fraudulent transactions. Conduct banking activities only through verified bank channels, and report any suspected unauthorized card activity to the appropriate authorities. Preserve any evidence of suspicious activity and share it with law enforcement as needed to support an investigation.