The cyber-attack on Air Europa was carried out by hackers of Russian origin who broke into the airline’s servers at its headquarters in Mallorca, in Llucmajor, and from there accessed the Adyen payment gateway, as Diario de Mallorca has learned from internal Air Europa sources on the island.
The infiltrationthe second suffered by the company since 2018, occurred, added the same sources consulted, between September 26 and 29 and compromised the information of some 100.000 customer bank cardsalthough it was not until yesterday that Air Europa raised the alarm.
For his part, Adyenthe company that provides the air Europa payment gatewayas well as many other companies in Spain and around the world, is one of the most important payment gateways in the worlddutch company founded in 2006 that allows companies to accept e-commerce, mobile device and point-of-sale payments, connecting with payment methods around the worldo.
“Our systems team confirmed the existence of a cybersecurity problem that would have affected the payment environment with which purchases are managed through the web. This fraudulent alteration of the flow in the payment process would have enabled the data mining from credit cards. There is no record that the leak ended up being used to commit any fraud.”the airline’s sources said Tuesday.
Air Europa’s recommendations to its customers
Air Europa recommended on Tuesday to its customers to put on contact their banking institution to cancel the credit card they have used for payments with your company. The airline i send a notice on Tuesday night to its users, warning them about the “risk of card impersonation and fraud.” that the aforementioned incident could pose.
“In the interest of protecting your interests, we recommend that you follow the following steps“, indicates the airline in the aforementioned email, to which this media has had access. From here, it lists a series of preventive measures that its customers should follow in order to avoid a problem of fraudulent use of their bank accounts. Thus, it asks for identify the card used to make a payment on the company’s web site and contact the bank for request the “cancellation, cancellation or substitution of that card in order to prevent the possible fraudulent use of your information”.
He further adds, “not to provide personal informationyour pin number, name or any other personal information via telephone, message or email, even when they identify themselves as your bank” or “do not give out any personal information[]” nor click on “links that warn you of fraudulent transactions”. “Contact your banking institution by verifiable means,” he adds, in addition to “collect any evidence of possible unauthorized use of your card and report it to the State Security Forces and Corps”.
Report of the attack commissioned to Deloitte
As reported today by the digital newspaper El Confidencial, Air Europa has requested a forensic report from Deloitte, the consultancy firm that, despite being one of the most qualified in this area, also suffered from a global cyberattack in 2017, which affected millions of internal emails. Once it has this correct x-ray of what happened, the airline, which was fined €600,000 for the previous 2018 problem, will take further action and activate liability insurance. On that occasion, the fraudulent use of 4,000 cards was detectedslightly less than 1% of those stolen.
For the full article, please visit Diario de Ibiza website here.