Data breach at an external service provider for Luxair

fr en

Luxair S.A. would like to inform its customers that a security incident, resulting in a breach of personal data, has occurred at an external service provider working for Luxair.

<< Back
18/08/2023 |
  • Boeing 737-8  Luxair copy

This external service provider supports Luxair in communicating with its customers in the event of flight disruptions or delays, so that affected customers can receive meal vouchers and organize hotel reservations if necessary.

It turns out that the service provider in question hosts its data in a cloud, which was not adequately secured, contrary to the guarantees it had given in terms of information security, resulting in access via the Internet to the server on which Luxair customer data were processed.

As such, the booking data of customers whose flights had been disrupted between November 2020 and 4 July 2023, resulting in the granting of a meal voucher, a necessary hotel reservation because of such disruption, or any disruption warning communication by SMS, was made accessible to unauthorized third parties. This does not, however, mean, that all data has actually been accessed.

The server in question has now been re-secured, preventing the data from being accessed. For the time being, the provider's services, for vouchers and hotel bookings, have been suspended until further notice.

On the basis of the data made accessible in this way, passengers are advised, in order to protect themselves against any fraudulent use of their data, to be extra vigilant when receiving messages (particularly phishing) that could reproduce Luxair's visual identity or be based on data from past flights.

Here are some advices from Luxair to its customers, to avoid being victims of such acts of phishing:

  • It is important not to open e-mail attachments that look suspicious. First and foremost, it is necessary to make sure that the domain name of the e-mail corresponds to a legitimate e-mail address. The SPAMBEE initiative (link) enables to report and detect such e-mails;
  • Avoid sending confidential information via e-mail;
  • Finally, check that electronic devices (such as cell phones and computers) are up to date and report any suspicious incidents to BEE-SECURE, the Grand Duchy of Luxembourg's government initiative to promote the safe and responsible use of information technology (link).

Finally, a dedicated e-mail address (), enabling anyone wishing to obtain further information about this incident, to contact the Data Protection Officer, has been set up for.

Back to top  | << Back

Communiqués liés


PwC's SFDR Barometer for Management Companies unveils surge ...

The latest edition of the PwC SFDR Barometer offers a comprehensive overview of ...

PwC Luxembourg

ArcelorMittal announces the publication of its 2023 annual r...

ArcelorMittal announces the publication of its 2023 annual report

Christian Borner 3 (002)
27/02/2024 Personnalités

Christian Borner nommé Country Head d’UBS Luxembourg

Christian Borner a été nommé Country Head d’UBS Luxembourg lors du passage ...

UBS Luxembourg
OLIV1174 - 20-02-24 - Olivier Toussaint
27/02/2024 Personnalités

Ryan Davis: A new partner for PwC Luxembourg

PwC Luxembourg is pleased to welcome Ryan Davis as a new Advisory Partner in Ris...

PwC Luxembourg
Benjamin Gauthier PwC Luxembourg

PwC Luxembourg publishes ‘From Compliance to Competitive ...

PwC Luxembourg releases a new report providing stakeholders within the financial...

PwC Luxembourg

AC Biode signs MoU in presence of Prime Ministers of Japan &...

At the Japan-Ukraine Conference for Promotion of Economic Growth and Reconstruct...

AC Biode

Il n'y a aucun résultat pour votre recherche

We use cookies to ensure the best experience on our website. By accepting you agree the use of cookies. OK Learn more