- Iberia disclosed a third-party breach that exposed customer names, emails and loyalty card IDs, but not passwords or bank details
- A dark web ad claims 77GB of Iberia’s internal technical files were stolen, raising questions about a separate attack
- Investigation is ongoing, law enforcement notified and customers are encouraged to be aware of suspicious communications
Spain’s national airline Iberia is notifying customers of a third-party cyber attack and data theft.
In a data breach notification letter shared on social media, Iberia said a malicious threat actor gained access to a third-party vendor through which it managed to steal the full names, email addresses and Iberia Club loyalty card identification numbers of an undisclosed number of customers.
Passwords as well as bank details are apparently not compromised.
Files appear on the dark web
“As soon as we became aware of the incident, we activated our security protocol and procedures and adopted all the necessary technical and organizational measures to limit, mitigate and eliminate its effects and to prevent it in the future,” Iberia said, stressing that any change to the email address on the Iberia website now requires confirmation first.
The investigation is still ongoing and the police have been notified.
The airline says there is no evidence that the stolen files were misused in nature, but still urges its customers to be vigilant, especially in the face of possible communication attempts.
At the same time, Bleeping Computer reports that someone recently posted a new ad on a dark web forum advertising 77GB of Iberia data for $150,000.
In the forum post, the threat actor claimed the archive was captured “directly from the airline’s internal servers” and said it contained technical data on A320/A321 aircraft, AMP maintenance files, engine information and other internal documents.
This does not match what Iberia said in its email, so it remains to be seen if this is the same incident or two separate attacks.
At press time, there was no new information published on Iberia’s website or its social channels.
Iberia is part of the International Airlines Group and flies to over 130 destinations around the world.
Via Bleeping Computer
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds. Be sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, video unboxings, and get regular updates from us on WhatsApp also.
