487/68 Tuesday, November 25, 2025
Spanish airline Iberia has issued a customer alert regarding a data breach after a third-party service provider linked to the airline’s systems was hacked, resulting in unauthorized access to certain customer information. The attackers claim to possess up to 77 GB of data related to the airline.
As Spain’s flag carrier and a member of the International Airlines Group (IAG), Iberia stated that the exposed data may include full names, email addresses, and Iberia Club membership numbers. The airline emphasized that there is no evidence of unauthorized access to user accounts, passwords, or financial information. Upon detecting the incident, Iberia activated its emergency response plan, strengthened security measures, increased monitoring of account activity, enhanced system oversight, and notified relevant regulatory authorities as required.
Cybersecurity firm Hackmanac reported that the attackers are offering 77 GB of Iberia’s internal data for sale at USD 150,000, claiming it includes technical documents for A320/A321 aircraft, AMP maintenance files, engine data, and other internal documents containing signatures and certificates. The attackers also assert that the dataset includes information falling under ISO 27001 and ITAR categories.
Iberia stated that there is currently no evidence that the stolen data has been misused, but advises customers to remain vigilant for suspicious messages or emails and to contact customer service if they notice any irregularities.
