Iberia customer data leaked in vendor security breach
▼ Summary
– Iberia has disclosed a data security incident caused by unauthorized access to a supplier’s systems, exposing customer information.
– The compromised data includes customers’ names, email addresses, and Iberia Club loyalty card identification numbers, but not login credentials or payment details.
– Iberia has implemented additional security measures, such as requiring verification codes for email changes and monitoring for suspicious activity.
– The disclosure follows a threat actor’s claim of selling 77 GB of purported Iberia data, though it’s unclear if this is related to the customer data breach.
– Iberia advises customers to be cautious of suspicious communications and report any anomalies to their call center.
Spanish flag carrier Iberia has started informing its customers about a significant data security incident, which originated from a security compromise at one of its external suppliers. This development follows recent claims by a threat actor on underground forums, who alleged possession of a 77 GB data trove reportedly stolen from the airline.
The compromised information may include customer names, email addresses, and Iberia Club loyalty card identification numbers. Iberia, which is Spain’s largest airline and a member of the International Airlines Group (IAG), clarified that the breach occurred due to unauthorized access to a supplier’s systems. Importantly, the airline confirmed that account login credentials, passwords, and any banking or payment card details were not exposed in this incident.
In a security notice distributed to customers, Iberia stated, “Immediately upon discovering the incident, we activated our security protocols and implemented all necessary technical and organizational measures to contain the situation, mitigate its impact, and prevent similar occurrences in the future.” The notice, issued in Spanish, also mentioned that the airline has introduced extra safeguards for email addresses associated with customer accounts. Now, any modifications to these addresses will require a verification code for approval.
Iberia is actively monitoring its systems for any unusual activity and has notified the appropriate authorities. The investigation is being conducted in partnership with the affected supplier and remains ongoing. The airline emphasized, “To date, we have not identified any fraudulent use of the exposed data. Nevertheless, we advise customers to remain vigilant regarding any suspicious communications and to report any anomalous activity to our call center at +34 900111500.”
The airline’s disclosure comes just days after a threat actor posted online, claiming to have access to a large volume of Iberia data, reportedly 77 GB, and attempting to sell it for $150,000. In the forum post, the individual asserted that the data was taken directly from the airline’s internal servers and included technical details for A320/A321 aircraft, AMP maintenance records, engine information, and various internal documents.
It remains uncertain whether this claimed data dump is connected to the incident Iberia has reported, especially since the online listing did not reference the specific customer data the airline confirmed was exposed. Iberia attributes the breach to a third-party vendor, not its own internal infrastructure. The authenticity of the data being advertised has not been verified.
As a precaution, Iberia customers and partners are urged to exercise caution with any unsolicited or suspicious messages that appear to come from the airline, as these could be phishing or social engineering attempts.
(Source: Bleeping Computer)
