Credit Card Data from 16 Travel and Leisure Companies at Risk

Credit Card Data from 16 Travel and Leisure Companies at Risk

December 11, 2015         Written By Natalie Rutledge

On December 9, Wandera reported a security flaw that affected 16 companies from around the world, including airlines such as Air Canada, easyJet, AirAsia and Aer Lingus. The security vulnerability, which Wandera is calling “CardCrypt,” had the potential to reveal the unencrypted credit card information of hundreds of thousands of customers.

Wandera, a company that provides enterprise cloud services and security, found the companies were not fully encrypting information on the payment portion of their mobile websites and/or apps, which is a basic security requirement.

Information that may have been compromised includes credit card numbers, CVVs, passport details, vehicle registration information, email addresses, billing addresses and phone numbers.

These affected companies have a combined 500,000 passengers and customers each day:

easyJet Aer Lingus Chiltern Railways
Dash Card Services KV Cars Oui Car San Diego Zoo
Air Canada CN Tower American Taxi
Get Hotwired Tribeca Med Spa AirAsia

Although it is unknown whether or not this data was accessed by an unauthorized third party, Wandera suggests that customers of these companies take steps to protect their information, including monitoring accounts for suspicious activity and cancelling any credit cards that could have been affected.

As of today, Wandera reports that easyJet, Chiltern Railways, San Diego Zoo, CN Tower, Aer Lingus and Air Canada have resolved the problem.

The information contained within this article was accurate as of December 11, 2015. For up-to-date
information on any of the terms, cards or offers mentioned above, visit the issuer's website.


About Natalie Rutledge

Natalie Rutledge majored in Communications at Mississippi State University. She was in sales for a number of businesses and spent nine years working as a communications advisor to various entities. Natalie can be contacted directly at
View all posts by Natalie Rutledge