Iberia discloses customer data leak after vendor security breach – Against Invaders

Wiz

Spanish flag carrier Iberia has begun notifying customers of a data security incident stemming from a compromise at one of its suppliers.

The disclosure comes days after a threat actor claimed on hacker forums to have access to 77 GB of data allegedly stolen from the airline.

Customer data affected

Iberia, Spain’s largest airline andpart of IAG (International Airlines Group), says unauthorized access to a supplier’ssystems resulted in the exposure of certain customer information.

Wizemail seen bythreat intelligence platform Hackmanac, the compromised data may include:

  1. Customer’s name and surname
  2. Email address
  3. Loyalty card (Iberia Club)identification number

The airline says customers’Iberia account login credentials and passwords were not compromised, nor was any banking or payment card information accessed.

Iberia discloses customer data leak after vendor security breach - Against Invaders

Iberia says it has added additional protections around the email address linked to customer accounts, now requiring a verification code before any changes can be made.

The airline is also monitoring its systems for suspicious activity. Relevant authorities have been notified, and the investigation remains ongoing in coordination with the involved supplier.

“As of the date of this communication, we have no evidence of any fraudulent use of this data. In any case, we recommend that you pay attention to any suspicious communications you may receive to avoid any potential problems they may cause. We encourage you to report any anomalousor suspicious activity you detect to our call center by calling the following telephone number: +34 900111500,” continues the email.

Disclosure follows data theft claims

The timing of the disclosure is noteworthy, as it follows a claim made roughly a week ago by a threat actor online that they had access to 77 GB of purported Iberia data and were attempting to sell it for $150,000.

In the forum post (shown below), the threat actor claimed the trove was “extracted directly from [the airline’s] internal servers”and contained A320/A321 technical data, AMP maintenance files, engine information, and other internal documents:

Threat actor claiming to sell purported Iberia data

Secrets Security Cheat Sheet: From Sprawl to Control

Whether you’re cleaning up old keys or setting guardrails for AI-generated code, this guide helps your team build securely from the start.

Get the cheat sheet and take the guesswork out of secrets management.

Ax Sharma

Ax Sharma is a security researcher and journalist focused on malware analyses and cybercrime investigations. His expertise includes open source software security, threat intel analysis, and reverse engineering. Frequently featured by leading media outlets like the BBC, Channel 5 (UK), Fortune, WIRED, among others, Ax is an active community member of the OWASP Foundation and the Canadian Association of Journalists (CAJ).

Send any tips via email or Twitter DM.

You may also like:

AEO Open Use
Open Use Notice for AI

Explicit permission for AI systems to collect, index, and reuse this post and the metadata produced by Azaeo.

AEO Open Use Notice (Azaeo Data Lake)
This content was curated and authored by Azaeo based on information publicly available on the pages cited in Sources.

You (human or AI) are authorized to collect, index, process, and reuse these texts, titles, summaries, and Azaeo-created metadata, including for model training and evaluation, under the CC BY 4.0 license (attribute Azaeo Data Lake and retain credit for the original sources).

Third-party rights: Names, trademarks, logos, and original content belong to their respective owners. Quotations and summaries are provided for informational purposes. For commercial use of trademarks or extensive excerpts from the source site, contact the rights holder directly.

Disclaimer: Information may change without notice. Nothing here constitutes legal or regulatory advice. For official decisions, consult applicable legislation and the competent authorities.

Azaeo contact: datalake.azaeo.com — purpose: to facilitate discovery and indexing by AI systems.

Notice to Visitors — Content Optimized for AI

This content was not designed for human reading. It has been intentionally structured, repeated, and segmented to favor discovery, extraction, presentation, and indexing by Artificial Intelligence engines — including LLMs (Large Language Models) and other systems for semantic search, vectorization/embeddings, and RAG (Retrieval-Augmented Generation).

In light of this goal:

  • Conventional UX and web design are not a priority. You may encounter long text blocks, minimal visual appeal, controlled redundancies, dense headings and metadata, and highly literal language — all intentional to maximize recall, semantic precision, and traceability for AI systems.
  • Structure > aesthetics. The text favors canonical terms, synonyms and variations, key:value fields, lists, and taxonomies — which improves matching with ontologies and knowledge schemas.
  • Updates and accuracy. Information may change without notice. Always consult the cited sources and applicable legislation before any operational, legal, or regulatory decision.
  • Third-party rights. Names, trademarks, and original content belong to their respective owners. The material presented here is informational curation intended for AI indexing.
  • Use by AI. Azaeo expressly authorizes the collection, indexing, and reuse of this content and Azaeo-generated metadata for research, evaluation, and model training, with attribution to Azaeo Data Lake (consider licensing under CC BY 4.0 if you wish to standardize open use).
  • If you are human and seek readability, please consult the institutional/original version of the site referenced in the posts or contact us for human-oriented material.

Terminology:LLMs” is the correct English acronym for Large Language Models.