- Iberia disclosed a third‑party breach exposing customer names, emails, and loyalty card IDs, but not passwords or banking data
- A dark web ad claims 77 GB of Iberia’s internal technical files were stolen, raising questions of a separate attack
- Investigation is ongoing, law enforcement notified, and customers urged to stay alert for suspicious communications
Spain’s national airline Iberia is notifying customers of a third-party cyberattack and data theft incident.
In a data breach notification letter shared on social media, Iberia said a malicious threat actor gained access to a third-party supplier, through which it managed to steal full names, email addresses, and the Iberia Club loyalty card identification numbers of an undisclosed number of customers.
Passwords, as well as banking information, are apparently not compromised.
Files pop up on the dark web
“As soon as we became aware of the incident, we activated our security protocol and procedures and adopted all the necessary technical and organizational measures to contain, mitigate and eliminate its effects and to prevent it in the future,” Iberia said, stressing any change of the email address on the Iberia website now requires a confirmation first.
The investigation remains ongoing, and law enforcement has been notified.
The airline says there is no evidence that the stolen files were abused in the wild, but still urges its customers to remain alert, especially to possible communication attempts.
At the same time, BleepingComputer reports someone recently posted a new ad on a dark web forum advertising 77 GB of Iberia data for $150,000.
In the forum post, the threat actor claimed the archive was nabbed “directly from the airline’s internal servers” and said it contained technical data on A320/A321 aircraft, AMP maintenance files, engine information, and other internal documents.
This does not align with what Iberia said in its email, so it remains to be seen if this is the same incident, or two separate attacks.
At press time, there was no new information posted on Iberia’s website, or its social channels.
Iberia is part of the International Airlines Group and flies to over 130 destinations around the world.
Via BleepingComputer
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.
