Iberia clears the big doubt after the cyberattack: airline security is not at risk

Iberia has confirmed a serious security breach affecting its customers’ personal data after detecting unauthorized external access to a communication repository managed by a technology provider. The company insists that operational security has not been compromised and that the incident does not affect the systems that control flights.

As an Iberia spokesperson explained to EFE, it is a communication repository hosted and managed by a third party, and the information contained in that environment is “limited and not operational”, although some personal data was extracted. These include names, surnames, e-mail addresses and, to a lesser extent, telephone numbers and Iberia Club membership numbers.

• Iberia suffers serious security breach: customer data and 77 GB of internal documents exposed

The spokesperson also stressed that “no complete and usable payment method data or access codes to Iberia accounts have been obtained. Although the unauthorized actor was able to access some reservation codes for future flights, the airline stresses that there is no evidence of fraudulent activity linked to them.

An attack that coincides with the release of 77 GB of internal documentation

Specialized cybersecurity media have indicated that the leak may have occurred on November 14 and that a 77 GB package of internal Iberia documentation is circulating on the Dark Web. This material, allegedly offered for sale by the actor responsible for the intrusion, would include corporate files, administrative communications and operational data.

Iberia is analyzing the authenticity and real impact of this content. According to initial reports, the released documentation does not include sensitive customer information, but may contain relevant details on internal processes and technical configurations, with possible implications for corporate security.

• Iberia argues technical reasons for the latest flight cancellations between Ibiza and Palma

This case adds to the global trend in which cybercriminals are redirecting their targets towards corporate information, increasingly valuable material for both industrial espionage and extortion. In the dark market of the Dark Web, these packages are traded, exchanged as prestige currency between criminal groups or even released for free to gain reputation.

The airline activates protocols and alerts those affected

After detecting the incident, Iberia activated its security protocols, reinforced technical and organizational measures and notified the Spanish Data Protection Agency, INCIBE and the State security forces.

Similarly, the airline contacted customers whose data was breached and adopted additional controls to ensure that only cardholders can access and modify their reservations. The airline recalls that, for the time being, there is no indication that the breached reservation codes have been used for malicious purposes.

Which data are affected and which are not

Iberia emphasizes that the incident affects only a communications repository and not critical operating systems. The exposed data includes:

• Name and surname

• E-mails

• To a lesser extent, telephone numbers and Iberia Club membership numbers

What has not been compromised, according to Iberia:

• Complete information on payment methods

• Account passwords

• Operational data related to aviation safety

Risks to customers and warning about possible frauds

Although the scope for users is limited with respect to direct financial fraud, experts warn of the risk of phishing and spoofing campaigns. With the basic data leaked, criminals can try to send credible emails pretending to be the airline.

• Iberia and unions agree to extend cabin crew agreement with wage increases until 2028

For this reason, Iberia requests extreme caution in the event of suspicious communications and recommends contacting the company directly in case of any doubt. In its official communications, Iberia reminds that any query or notification related to the breach can be made through the customer service department or by e-mail at oficinaDPO@iberia.es.

The investigation continues

The airline maintains continuous monitoring of its systems and works in coordination with specialized agencies to determine the exact origin of the attack, the entry vector and the final scope of the leak.

In the meantime, a review of the material posted on the Dark Web continues to establish its authenticity and assess whether it could pose an added risk to the company’s internal business or operational planning.