The airline Iberia has confirmed a leak of personal data following unauthorized access to a database managed by an external technology provider. Although the exact number of people affected has not yet been determined, the company has activated an emergency protocol and has begun notifying customers whose data may have been exposed of the incident.
Those responsible for the attack were able to access personal but not operational information, the airline said. Iberia insists that flight security has not been compromised, stressing that the breach only affects an external communications repository.
What data has actually been leaked
Iberia has identified three types of compromised information, all of which are personal in nature: first and last names, email addresses and, “in some cases, reservation codes for future flights.”
The company clarifies that “no complete or usable data on payment methods or access codes to Iberia accounts” have been obtained, ruling out for the moment a direct risk to cards or passwords.
Although the reservation codes have been exposed, Iberia assures that there is no record of any fraudulent use resulting from this leak.
Iberia takes urgent measures
As soon as the incident was detected, the airline activated a response plan that included:
-
Individual notification by e-mail to affected customers.
-
Double authentication is required to manage or modify reservations.
-
Free phone number for questions and incidents: +34 900 111 500.
-
Communication and formal complaint to the UCO of the Guardia Civil, the Spanish Data Protection Agency and INCIBE.
The company states in its official statement that “Iberia publicly apologizes to the affected customers and assures that it is putting all means at its disposal to mitigate the impact and prevent further breaches“.
Ongoing research
The investigation remains open and is being conducted in coordination with cybersecurity agencies and the vendor involved. While Iberia is gathering technical information on the scope of the attack, security teams are trying to determine the exact source of the intrusion, which customers were specifically affected and whether the attacker attempted to access or copy operational or sensitive data.
So far, the airline maintains that the leaked information is limited and does not affect the operation of flights, a key point to avoid alarm among passengers.
Recommendations for clients: how to protect yourself now
Both Iberia and the authorities recommend following these basic safety guidelines:
-
Be wary of suspicious e-mails or calls pretending to be from Iberia.
-
Do not open links or download attachments in unsolicited messages.
-
Do not provide personal or bank details by e-mail or telephone.
-
Contact only through the official number provided by the airline: +34 900 111 500.
In case of receiving anomalous communications, it is recommended to report them immediately.
An incident that reflects a growing problem
The Iberia case adds to the increase in attacks affecting large companies through external providers, one of the most vulnerable vectors in the corporate digital ecosystem. The company assures that it has reinforced its controls and maintains active vigilance to prevent new illegitimate accesses.
For now, all indications are that the leak has been limited, but the analysis is still open and further updates are not ruled out if more data comes to light.
