We are informing you of an incident involving unauthorized access to certain systems/information of Hermes Airports Ltd by a malicious third party. Although we are unaware of any actual misuse of such information, we wanted to notify potentially affected passengers about the incident.
We recently became aware that our PRM Management system which is used for the provision of assistance services at our airports to customers with disabilities or reduced mobility, was compromised by a cyberattack which resulted in unauthorized access to data that was processed in the system in order to provide passengers with the assistance services.
In accordance with our incident response procedures, we immediately took steps to ensure the situation is contained. We stopped the cyberattack, launched an investigation, and notified the relevant authorities.
We then analyzed how the attack may have affected the information processed in the system so as to understand the impact of this incident to the rights and freedoms of the persons whose data was in the system.
What information was involved
The information that was compromised concerns passengers who requested assistance services at our airports during the period 12 April 2019 to 30 March 2021 and includes:
- First name
- PRM IATA code of assistance (the code assigned by the airline that designates the assistance services to be provided to the passenger)
The personal data that was compromised cannot be used to directly identify you.
However, we recommend that you stay cautious to any unsolicited contact or communication you may receive in relation to the above personal information.
What are we doing
We are working with our provider as well as the relevant authorities to prevent this type of event from happening in the future. Protecting our passengers’ information and fostering an environment built on trust remains one of our top priorities.
For more information or to answer any questions you may have about this incident please contact our DPO at firstname.lastname@example.org.