- Iberia has disclosed a third-party breach exposing customers’ names, email addresses and loyalty card IDs, but not passwords or banking details.
- A dark web advertisement claims that 77 GB of Iberia’s internal technical files were stolen, raising questions of a separate attack.
- The investigation is ongoing, law enforcement has been informed and customers are urged to remain vigilant in the event of suspicious communications.
Spanish national airline Iberia is informing customers of a third-party cyberattack and data theft incident.
In a data breach notification letter shared on social media, Iberia said a malicious actor gained access to a third-party vendor, through which they managed to steal the full names, email addresses and Iberia Club loyalty card identification numbers of an undisclosed number of customers.
Passwords, as well as banking information, are apparently not compromised.
Files appear on the dark web
“As soon as we became aware of the incident, we activated our security protocol and procedures and adopted all the necessary technical and organizational measures to contain, mitigate and eliminate its effects and prevent it in the future,” Iberia said, emphasizing that any change of email address on the Iberia website now requires prior confirmation.
The investigation is continuing and the police have been notified.
The airline says there is no evidence that the stolen files have been misused, but it nevertheless urges customers to remain vigilant, particularly in the face of possible communication attempts.
At the same time, BeepComputer reports that someone recently posted a new ad on a Dark Web forum advertising 77GB of Iberia data for $150,000.
In the forum post, the threat actor claimed that the archives were retrieved “directly from the airline’s internal servers” and contained A320/A321 aircraft technical data, AMP maintenance files, engine information, and other internal documents.
This does not match what Iberia stated in its email. It therefore remains to be seen whether these are the same incident or two separate attacks.
At press time, no new information was published on Iberia’s website or social media channels.
Iberia is part of the International Airlines group and serves more than 130 destinations around the world.
Via BeepComputer
The best antivirus for every budget
Follow TechRadar on Google News And add us as your favorite source to get our news, reviews and expert opinions in your feeds. Make sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp Also.
