Spanish airline Air Europa has suffered a cyber attack on its online payment system that let some of its customers' credit card details exposed, the company said.
The airline emailed customers whose credit card details were affected and notified the relevant financial institutions, it added.
It did not specify the number of customers affected, nor did it estimate the financial impact of the cyber attack.
The company said no other information had been exposed.
"There is no evidence that the breach was ultimately used to commit fraud," the airline said.
An email received by an Air Europa customer and seen by Reuters advised that the card used to pay on the Air Europa website should be cancelled and replaced "to prevent possible fraudulent use of your information" following the incident.
Spanish consumer association OCU recommended that users who receive the email follow Air Europa's advice and called on the country's data protection watchdog to investigate when the cyberattack occurred as unauthorised use of the exposed cards could pre-date the company's alert.
In 2021, the airline was fined for its mishandling of another breach that affected 489,000 customers in 2018, the OCU said in a statement.
Air Europa reported that incident 41 days after it happened, whereas companies are required to do so within 72 hours.
Madrid-based Air Europa is in the process of being taken over by British Airways-owner International Consolidated Airlines Group.
Forrester Technology & Innovation APAC 2023
