Payment cards have been one of the targets of the cyberattack suffered by the airline Air Europa in the heart of its database and banks have activated protocols to limit the reach that the hack may have on their customers. It is not yet known how many have been affected or how long, but inquiries are expected to increase in the coming days and the firewall is already in place.
Dozens of people received an email from the airline this Tuesday warning of the alleged theft of banking information after the attack. It is believed that cybercriminals have been able to access an undetermined number of cards, their expiration dates and CVV. That is, the data that is necessary to make an electronic purchase, which is why the company has recommended that customers contact their bank to cancel the card they used to pay for their tickets.
And many of the recipients of that email have done so. Throughout the day, the entities contacted by this newspaper confirm that they have begun to receive queries from some of their clients and have proceeded to cancel the plastics likely to be affected by the attack. “The cards are blocked so that no one other than the owner can use them, and a new one is issued, with a new number and a new verification code,” they explain from one of the large Spanish banks. The process has no cost for clients.
The volume of queries and requests received is not significant, but it cannot be ruled out that it will increase in the coming hours or days. In any case, from the banking employers AEB They assure that the entities are collaborating and recommend that users consult the protocols established for these cases, not only due to the risk of fraudulent use of their cards but of their personal data in general.
The Association of Financial Users also points out this line (Asufin), which recommends potentially affected users to act “with diligence” and cancel as soon as possible the purchase card used to make the purchase through the airline. In his opinion, the cyberattack against the company may have had blackmail as its object, but it is not ruled out that the stolen data may have been sold in the so-called dark webso the possibilities of being subject to fraud and theft of funds are multiplied.