Spanish flag carrier Iberia is notifying customers that their personal information was compromised after one of its suppliers was hacked.
In Spanish-written emails sent on Sunday, a copy of which threat intelligence provider Hackmanac shared on social media, the company said that names, email addresses, and frequent flyer numbers were stolen in the attack.
According to Iberia, no passwords or full credit card data was compromised in the attack, and the incident was addressed immediately after discovery.
The airline said it also improved customer account protections by requiring a verification code to be provided when attempting to change the email address associated with the account.
Iberia said it has notified law enforcement of the incident and that it has been investigating it together with its suppliers.
The company did not say when the data breach occurred and did not name the third-party supplier that was compromised. It is unclear if the incident is linked to recently disclosed hacking campaigns involving Salesforce and Oracle EBS customers.
It should also be noted that Iberia sent out notifications roughly one week after a threat actor boasted on a hacking forum about having stolen roughly 77 gigabytes of data from the airline’s systems.
The hacker claimed to have stolen ISO 27001 and ITAR-classified information, technical aircraft documentation, engine data, and various other internal documents.
Asking $150,000 for the data, the threat actor was marketing it as suitable for corporate espionage, extortion, or resale to governments.
Founded in 1927, Iberia merged with British Airways in 2011, forming International Airlines Group (IAG), which also owns Aer Lingus, BMI, and Vueling. Iberia currently has an all-Airbus fleet, operating on routes to 130 destinations worldwide.
Related: American Airlines Subsidiary Envoy Air Hit by Oracle Hack
Related: Canadian Airline WestJet Says Hackers Stole Customer Data
Related: Cyberattack On Russian Airline Aeroflot Causes the Cancellation of More Than 100 Flights
Related: Hawaiian Airlines Hacked as Aviation Sector Warned of Scattered Spider Attacks
