Cyprus Airways said on Wednesday it has suffered a leak of some passenger information through a phishing scam but passwords and credit-card details had not been obtained by the culprits.

According to reports, the airline sent an email to passengers that some personal data had been obtained by hackers.

The email informed customers that recently, an unauthorized external party gained access to some passenger files without there having been a breach of the server.

According to the company, the data that may have been affected does not include passwords, credit card details or any other information related to payments, but mainly concerns contact details of customers who had made reservations in the past.

The data may have been sold on to third parties and may have included name, surname, ID number or passport number, email address, telephone number, flight number and itinerary, as well as fare type.

Sources from the company told Phileleftheros that the company managed to stop the attack, so lists of all passengers have not been leaked.

Cyprus Airways, however, warned there was a possibility of their data being used in phishing scams that may appear to come from the airline.

“For this reason, customers should be particularly careful with emails or messages that request personal or financial information. Always check the sender’s address and not open suspicious links or attached files,” it said.