Cyber-attack and sanction to Air Europa
Cyber-attack and sanction to Air Europa
The latest news on data protection, report that the airline Air Europa, has been sanctioned by the Spanish Data Protection Agency(AEPD) for not providing a quick and correct solution to a security breach. Security Breachcaused by a cyber attack which affected the personal and financial data of more than 489,000 customers.
News that highlights the poor management in terms of data protection and diligence, as far as compliance with this and diligence, as far as compliance with this regulation is concerned.
The total penalty imposed is 600,000 euros and is broken down into two concepts:
Failure to comply with Security Measures: 500,000 euros
The AEPD states and concludes that the technical and organizational security measures implemented by Air Europa were neither sufficient nor appropriate to ensure the level of security appropriate to the risk and to prevent unauthorized access. In addition, the volume of records affected would amount to 1.5 million.
Delay in Security Breach Notification: 100,000 euros.
The regulations require that the notification must be made within a maximum period of 72 hours, after having knowledge of it, being in this case notified 41 days late.
It also appears that the airline was not aware of any breach in the security of its customers’ data until Banco Popular gave an initial warning, at which point Air Europa’s response plan was activated.
As a result, Air Europa commissioned a report from IBM, which confirmed that approximately 4,000 credit cards were used to commit fraud.
And another to a specialist cybersecurity company, which identified that the attacker had affected 2.7 million card numbers.
In addition, it is also confirmed that the security breach in Air Europa’s systems gave rise to unauthorized access (security breaches) to its customers’ financial and personal data.
In short, this and other current news about cyber-attacks on large companies, highlight the need to have the appropriate means and knowledge to prevent and act against possible violations / security breaches of information systems.
All this to avoid the loss of customer confidence, as well as to avoid sanctions from the supervisory body (AEPD), with very negative consequences for any entity (reputational and economic damage).
Rise of cyber-attacks
There are already many news of major companies that have suffered a cyberattack,(other news) but there are thousands of cases of small companies that do not have media coverage, which show a worrying rise in cyberattacks.
We help you
Business Adapter® provides you with the necessary assistance in the event of security breaches, as well as protocols to prevent cyber-attacks.
Contact us, we are expert consultants in data protection and cybersecurity.
[su_button url=”https://businessadapter.es/contacto” target=”blank” background=”#f6f903″ color=”#181818″ size=”7″ center=”yes” icon_color=”#000000″]WE HELP YOU[/su_button]