CyberInsider

Reliable cybersecurity news and resources

General

Latest News

About

CyberInsider covers the latest news in the cybersecurity and data privacy world. In addition to news, we also publish in-depth guides and resources.
See our Mission >

Iberia breach exposed frequent flyer data, hacker leaks files

By Leave a Comment
LinkedInReddit

Spanish airline Iberia has disclosed a data breach affecting the personal information of some customers, following a security incident involving a third-party service provider.

The airline says names, email addresses, and Iberia Plus loyalty card numbers may have been compromised but asserts that account passwords and full payment details remain secure.

The breach was formally communicated to customers over the weekend, though threat activity linked to the incident was reported as early as November 14, 2025. According to cybersecurity monitoring group Hackmanac, a threat actor posted on a dark web forum claiming responsibility for the breach and advertising a cache of 77 GB of stolen internal Iberia data for $150,000. The seller alleges the dataset includes aircraft technical documentation related to A320 and A321 models, AMP maintenance files, engine data, and signed internal documents. Alarmingly, the actor characterized the data as ISO 27001 and ITAR-classified, labels suggesting sensitive or regulated material potentially subject to export controls and international scrutiny.

Threat actor's post on hacker forums
Hackmanac

Iberia, formally Iberia Líneas Aéreas de España, is the flag carrier of Spain and one of the largest airlines in Southern Europe. It is part of the International Airlines Group (IAG), alongside British Airways, Vueling, and Aer Lingus. The airline operates a global network of passenger and cargo flights, including transatlantic routes and a significant presence in Latin America.

While Iberia’s notice emphasized that login credentials and full credit card data were not accessed, it confirmed that the breach stemmed from a supplier system compromise. The airline has launched internal and external investigations in collaboration with its vendors and has notified the relevant data protection authorities as required under Spanish and EU law.

Letter sent to impacted clients
Hackmanac

To contain the fallout and prevent further exploitation, Iberia says it has tightened account change procedures by requiring additional verification for email address modifications, increased monitoring for suspicious activity, and applied enhanced technical safeguards. So far, the company has found no evidence of fraudulent use of the exposed data, but it advises customers to be vigilant and report any suspicious activity promptly.

For now, customers are advised to:

  • Monitor inboxes for phishing attempts using their leaked information.
  • Enable multi-factor authentication on Iberia and related travel accounts.
  • Avoid reusing Iberia Plus credentials on other platforms.
  • Report any suspicious activity to Iberia's call center at +34 900 111 500.

If you liked this article, be sure to follow us on X/Twitter and also LinkedIn for more exclusive content.

LinkedInReddit

More from CyberInsider

About Amar Ćemanović

Amar Ćemanović is an experienced editor and trained engineer with a keen eye for detail and a passion for technology. 
Based in Bosnia, Amar specializes in producing high-quality, engaging content. He holds a Master’s degree in engineering, which helps him maintain a meticulous approach to all editorial work. Amar brings a well-rounded knowledge base, covering everything from tech solutions to privacy tools.

Reader Interactions

Leave a Reply

Your email address will not be published. Required fields are marked *

Share to...
BlueskyBufferCopyFlipboardHacker NewsLineLinkedInMastodonMessengerMixNextdoorPinterestPrintRedditSMSTelegramThreadsTumblrVKWhatsAppXingYummly