Data Breaches

Spanish Airline Iberia Notifies Customers of Data Breach

The company has notified its customers of the incident roughly a week after a threat actor claimed the theft of 77GB of data from Iberia’s systems.

Iberia data breach

Spanish flag carrier Iberia is notifying customers that their personal information was compromised after one of its suppliers was hacked.

In Spanish-written emails sent on Sunday, a copy of which threat intelligence provider Hackmanac shared on social media, the company said that names, email addresses, and frequent flyer numbers were stolen in the attack.

According to Iberia, no passwords or full credit card data was compromised in the attack, and the incident was addressed immediately after discovery.

The airline said it also improved customer account protections by requiring a verification code to be provided when attempting to change the email address associated with the account.

Iberia said it has notified law enforcement of the incident and that it has been investigating it together with its suppliers.

The company did not say when the data breach occurred and did not name the third-party supplier that was compromised. It is unclear if the incident is linked to recently disclosed hacking campaigns involving Salesforce and Oracle EBS customers.

Advertisement. Scroll to continue reading.

It should also be noted that Iberia sent out notifications roughly one week after a threat actor boasted on a hacking forum about having stolen roughly 77 gigabytes of data from the airline’s systems.

The hacker claimed to have stolen ISO 27001 and ITAR-classified information, technical aircraft documentation, engine data, and various other internal documents.

Asking $150,000 for the data, the threat actor was marketing it as suitable for corporate espionage, extortion, or resale to governments.

Founded in 1927, Iberia merged with British Airways in 2011, forming International Airlines Group (IAG), which also owns Aer Lingus, BMI, and Vueling. Iberia currently has an all-Airbus fleet, operating on routes to 130 destinations worldwide.

Related: American Airlines Subsidiary Envoy Air Hit by Oracle Hack

Related: Canadian Airline WestJet Says Hackers Stole Customer Data

Related: Cyberattack On Russian Airline Aeroflot Causes the Cancellation of More Than 100 Flights

Related: Hawaiian Airlines Hacked as Aviation Sector Warned of Scattered Spider Attacks

Related Content

Data Breaches

Hackers exploited a zero-day vulnerability in a third-party system to access a KDDI email system for ISPs.

Data Breaches

Hackers accessed the institution’s internal network and deleted two drives containing employee, student, and university data.

Data Breaches

The professional services giant says it contained the incident, remediated its source, and experienced no operational or service delivery impact.

Cybercrime

In April, ShinyHunters accessed the company’s corporate IT systems and stole patients’ personal and medical information.

Data Breaches

Hackers accessed the insurance giant’s policyholder portal multiple times between June 15 and June 25.

Data Breaches

Only a handful of the 100 organizations targeted in the PeopleSoft campaign have been confirmed.

Data Breaches

The ShinyHunters extortion group claims to have stolen 3.1 TB of data from the organization.

Data Breaches

Roughly two dozen companies have notified their customers of the Klue-Salesforce incident impact.

Copyright © 2026 SecurityWeek ®, a Wired Business Media Publication. All Rights Reserved.

Exit mobile version