Iberia discloses security incident tied to supplier breach
Iberia warns customers of a supplier-related data breach as a threat actor claims to hold 77GB of stolen airline data.
Iberia is warning customers about a data breach after a third-party supplier was hacked by a threat actor who claims to have stolen 77 GB of airline data.
Iberia is the flag carrier airline of Spain, headquartered in Madrid and founded in 1927. It operates a large international network from Madrid–Barajas Airport, flying to over 140 cities in Europe, the Americas, Africa, the Middle East, and Asia. Iberia is part of International Airlines Group (IAG), which also includes British Airways, Vueling, LEVEL, and Aer Lingus. The airline offers passenger and cargo services, aircraft maintenance, and airport handling.
The company disclosed the security breach and confirmed the exposure of customer information, including names, emails, and Iberia Club loyalty IDs.
“Dear Customer, The reason for this communication is to inform you that, unfortunately, at Iberia Líneas Aéreas de España we have detected a security incident related to unauthorized access to the systems of an Iberia supplier, which has compromised the confidentiality of certain data.
Despite the security measures implemented by Iberia, we have found evidence of unauthorized access to certain personal data of our customers, among which some of yours could be found. The current investigation reflects that data such as name and surnames; email address; or Loyalty card identification number (Iberia Club) may have been leaked.” reads the data breach notification sent to the impacted customers.
The company pointed out that the threat actor did not have access to Iberia accounts or customer passwords. The carrier airline said that the financial data hasn’t been breached.
🚨Cyber Alert‼️
🇪🇸Spain – Iberia
Iberia Airlines reports a security incident involving unauthorized access to an external provider, exposing customer names, emails, and Iberia Club loyalty IDs.
Sector: Air Transport
Threat class: CybercrimeStatus: Confirmed pic.twitter.com/wFwtBSrfZu
— Hackmanac (@H4ckmanac) November 23, 2025
Iberia says it activated its security protocol immediately after learning of the supplier breach. The airline applied technical and organizational measures to contain the incident, reinforced account-change protections, and increased system monitoring. It also notified regulators and continues investigating with the supplier. Iberia has no evidence of fraudulent data use so far, but urges customers to stay alert for suspicious messages and to report any issues to its call center at +34 900 111 500.
Recently, a threat actor claimed to be selling 77 GB of Iberia’s internal data for 150,000 dollars, cybersecurity firm Hackmanac reported. The hacker said the package contains technical material on A320 and A321 aircraft, AMP maintenance files, and engine data, along with internal documents carrying signatures and certificates. The actor claimed the data is ISO 27001 and ITAR-classified, selling it for espionage, competitor resale, or use by China or Russia.
🚨Cyber Alert‼️
🇪🇸Spain – Iberia
A threat actor claims to be selling 77 GB of Iberia’s internal data for 150,000 dollars.
They say the package contains technical material on A320 and A321 aircraft, AMP maintenance files, and engine data, along with internal documents carrying… pic.twitter.com/4GIMW6FMGJ
— Hackmanac (@H4ckmanac) November 14, 2025
Follow me on Twitter:@securityaffairsandFacebookandMastodon
(SecurityAffairs–hacking,data breach)