Spanish flag carrier Iberia has begun notifying customers of a data security incident stemming from a compromise at one of its suppliers.
The disclosure comes days after a threat actor claimed on hacker forums to have access to 77 GB of data allegedly stolen from the airline.
Customer data affected
Iberia, Spain’s largest airline and part of IAG (International Airlines Group), says unauthorized access to a supplier’s systems resulted in the exposure of certain customer information.
According to an email seen by threat intelligence platform Hackmanac, the compromised data may include:
- Customer’s name and surname
- Email address
- Loyalty card (Iberia Club) identification number
The airline says customers’ Iberia account login credentials and passwords were not compromised, nor was any banking or payment card information accessed.
“As soon as we became aware of the incident, we activated our security protocol and procedures and implemented all necessary technical and organizational measures to contain it, mitigate its effects, and prevent its recurrence,” states the security notice mailed out in Spanish.
Iberia says it has added additional protections around the email address linked to customer accounts, now requiring a verification code before any changes can be made.
The airline is also monitoring its systems for suspicious activity. Relevant authorities have been notified, and the investigation remains ongoing in coordination with the involved supplier.
“As of the date of this communication, we have no evidence of any fraudulent use of this data. In any case, we recommend that you pay attention to any suspicious communications you may receive to avoid any potential problems they may cause. We encourage you to report any anomalous or suspicious activity you detect to our call center by calling the following telephone number: +34 900111500,” continues the email.
Disclosure follows data theft claims
The timing of the disclosure is noteworthy, as it follows a claim made roughly a week ago by a threat actor online that they had access to 77 GB of purported Iberia data and were attempting to sell it for $150,000.
In the forum post (shown below), the threat actor claimed the trove was “extracted directly from [the airline’s] internal servers” and contained A320/A321 technical data, AMP maintenance files, engine information, and other internal documents:
It’s not clear whether the purported data dump is related to Iberia’s incident, as the listing does not mention the customer information Iberia says was exposed. Furthermore, the airline attributes the breach to a third-party vendor rather than its own servers.
BleepingComputer has not verified the authenticity of the data advertised online. We have approached Iberia’s press team with further questions and will update this article once we hear back.
In the meantime, Iberia customers and partners should remain cautious of any unsolicited or suspicious messages claiming to come from the airline, as these may be phishing or social engineering attempts.
As MCP (Model Context Protocol) becomes the standard for connecting LLMs to tools and data, security teams are moving fast to keep these new services safe.
This free cheat sheet outlines 7 best practices you can start using today.