Tech
Another airline just had a data leak
Summary
- Iberia breach exposed customer names, emails and Iberia Club ID numbers via a third‑party supplier.
- No evidence shows passwords or payment data were stolen, but phishing and account misuse remain risks.
- Threat actor offered 77GB of Iberia data for sale; airline systems and technical docs may be impacted.
Airline breaches are pretty bad, because while you might not fly every day, airlines keep a trove of info on you, especially if you enroll in their frequent flyer programs. This is not an US airline, but if you’ve ever flown to Spain, you might want to keep reading.
Iberia, Spain’s flag carrier, has begun notifying customers of a data security incident resulting in the exposure of personal information. The breach, which the airline attributes to a compromise within its supply chain, has prompted an investigation by data protection authorities and raised concerns regarding potential phishing campaigns targeting travelers. According to notifications sent to affected passengers—first analyzed by the threat intelligence platform Hackmanac—the unauthorized access occurred within the systems of a third-party service provider used by Iberia. The breach allowed attackers to view and exfiltrate specific customer details.
Iberia has confirmed that the compromised data points include first and last names of customers, email addresses associated with booking profiles, and identification numbers for the Iberia Club rewards program. The airline also stated that there is currently no evidence to suggest that account login credentials (passwords) or sensitive financial data, such as credit card numbers or banking details, were accessed during the intrusion.
Approximately seven days prior to the customer notifications, a threat actor popped into a cybercrime forum claiming to have successfully breached the airline. The individual attempted to sell a 77 GB dataset for $150,000, alleging the data was “extracted directly from internal servers.” The forum post listed the contents of the stolen cache as heavy technical documentation rather than customer databases—mostly stuff like technical data for Airbus A320 and A321 aircraft, AMP maintenance files, engine specifications, and various internal documents.
It’s not clear if the customer notification Iberia is talking about in this disclosure was extracted as part of the breach—if anything, this other breach is more devastating for the airline itself than for customers. But if it contains customer data, you might still want to take steps towards changing your passwords or maybe spending your Iberia Club points before someone else does.
Source: Bleeping Computer
