Dear Customer,
We are writing to inform you that, through our cybersecurity monitoring, we recently identified a suspicious activity on one of our IT systems which stores some of your personal data held by Etraveli Group AB, of which Gotogate is part.
At the moment, we have no evidence or indication of any actual impact on any customer, nor that your data has actually been exploited in any way as part of such activity. Nonetheless, we would like to provide you with some additional information and recommendations below.
What happened and what actions have been taken?
On 15 May 2024, we detected a suspicious activity on a part of our IT systems. The activity indicated that an unauthorized external party had taken steps to try to access data from our IT system.
Upon detecting this activity, we immediately took countermeasures and blocked the suspicious behavior. Within the next 15 hours, we successfully implemented remedial actions to restrict any unauthorized access to the impacted part of the system. Our remedial actions included certain code changes, an update of the relevant system, additional security requirements for access to customer self-service functions and all other customer interaction touch points, a review of all system infrastructure, supplemental monitoring, and additional anomaly alarm implementation.
What personal data may have been involved?
Personal data that
may have been exposed in this suspicious activity is flight booking order details, such as email address, full name, phone number, booking reference, as well as gender and potentially home address.
Please note that no sensitive personal data has been exposed, such as data regarding health or detailed financial information such as bank account or credit card details. We do not collect or retain such information in our IT systems, so there is no risk that such information has been exposed. There is also no risk that any passport numbers or dates of birth have been exposed.
Your safety online
As mentioned, we currently have no evidence or indication of any actual impact on you.
However, as cybercrime is a persistent and important challenge for individuals and businesses alike, we recommend to remain alert for phishing attacks and other attempts by online fraudsters.
Please note that neither Gotogate, nor any airline whose services you might have booked through us, will ever require you to provide additional financial information such as credit card information through an email. If you are unsure whether a communication from Gotogate or an airline is genuine, please contact us through our
support to help you verify it.
Additionally, we share for your awareness and protection some key practices to avoid harm, phishing attacks, or fraud attempts:
- Stop. Question. Verify. When you receive a telephone call or message (including SMS, email, or instant message like WhatsApp), take a moment to question whether it is legitimate. Do not click on any links from untrusted sources or unexpected communications. Be vigilant of any suspicious emails, for instance, emails with improper grammar/spelling or sloppy language or asking you to take urgent action.
- Payment requests from Gotogate will be related to an open and ongoing customer service enquiry and should be expected. If you receive a request unexpectedly or it relates to a historical booking, please contact us through our support to help you verify if it is genuine.
- We will never request Payment card details to be entered directly into an email and any request will either be by phone (after security clearance) or through a secure Payment link.
- Do not enter your financial information on websites that are not secure. Typically, you will either be warned by your browser that the site is not secure or you will be able to see that the padlock in the URL is missing.
- By default, do not share security information (such as passwords and other security codes) over the phone.
How to contact us?
For any questions about this communication, please do not hesitate to contact us through our
support. We are here to support you in any way we can.
Yours sincerely,
Etraveli Group Privacy Team
