Luxair reports data breah, exposing customer information
Learn More
Luxair, the leading airline of Luxembourg, reported a significant data breach that occurred through an external service provider, potentially jeopardizing sensitive passenger data. The airline promptly issued a cautionary notice to its customers, urging heightened vigilance, particularly in response to potential phishing attempts that might impersonate official Luxair communications.
Luxair's uses an unnamed external service provider for management of flight disruptions. The provider's primary role was to facilitate communication between Luxair and its customers during flight delays, encompassing the provision of meal vouchers and hotel reservations as needed.
The service provider was using a cloud server that was vulnerable and could have been accessed by hackers despite prior assurances of robust data protection.
Passengers who experienced flight disruptions between November 2020 and July 4, 2023, are potentially impacted.
The exposed data includes
- booking details,
- particulars relating to meal vouchers,
- hotel reservations,
- SMS notifications about flight disruptions
No details were provided as to the nature of the vulnerability and breach, or the number of affected individuals.
Luxair emphasizes, however, that the mere accessibility of this data doesn't necessarily imply that all of it was accessed by malicious entities.
The third party provider took action to enhance the security of the affected server, mitigating possible avenues for external threats.
Luxair strongly advises passengers to maintain a high level of vigilance and that they are at a heightened risk of phishing attempts, especially through communications that mimic official Luxair branding.
For passengers seeking further information or experiencing lingering concerns, Luxair has established a dedicated communication channel. Queries can be directed to their Data Protection Officer at data.breach@luxairgroup.lu.
