Cyberattack on Vendor Exposes Sensitive Passenger Data, Iberia Confirms
Iberia, Spain’s national airline, reported a major data security breach affecting passengers’ sensitive personal information after one of its service providers was targeted in a cyber attack.
Based in Madrid, Iberia is Spain’s largest airline and national flag carrier. A member of the Oneworld Alliance, it operates an extensive network of domestic and international routes, serving destinations throughout Europe, Africa, Asia, the Middle East, and the Americas.
In a data security incident notice sent to affected customers, Iberia said it recently learned of a security breach involving one of its service providers that resulted in the exposure of customers’ sensitive personal information.
🚨Cyber Alert‼️
— Hackmanac (@H4ckmanac) November 23, 2025
🇪🇸Spain - Iberia
Iberia Airlines reports a security incident involving unauthorized access to an external provider, exposing customer names, emails, and Iberia Club loyalty IDs.
Sector: Air Transport
Threat class: Cybercrime
Status: Confirmed pic.twitter.com/wFwtBSrfZu
The airline immediately launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident.
“Despite the security measures implemented by Iberia, we have had evidence of an unauthorised access to certain personal data of our customers, among which some of those concerns could be found,” Iberia said.
The compromised data included full names, email addresses, Iberia Club loyalty card identification numbers, and other personal details. The airline added that no customer account access information, passwords, or full bank card details were exposed during the incident.
“As soon as we have become aware of the incident, we have activated our security protocols and procedures and have adopted all the technical and organisational measures necessary to contain it, mitigate its effects and prevent it from being repeated in the future,” Iberia added.
🚨Cyber Alert‼️
— Hackmanac (@H4ckmanac) November 14, 2025
🇪🇸Spain - Iberia
A threat actor claims to be selling 77 GB of Iberia’s internal data for 150,000 dollars.
They say the package contains technical material on A320 and A321 aircraft, AMP maintenance files, and engine data, along with internal documents carrying… pic.twitter.com/4GIMW6FMGJ
Iberia issued its data security incident notice about a week after a threat actor claimed on a hacking forum to have stolen roughly 77 gigabytes of data from the airline’s systems. The attacker said the trove was “extracted directly from the airline’s internal servers” and included A320/A321 technical documents, AMP maintenance files, engine data, and other internal records.
The threat actor also stated that they are willing to sell the entire stolen database for $150,000.
Related Articles
Most Viewed
New rules, rising threats: why lean IT teams must rethink cyber-securitySponsored by CORO CYBER SECURITY
Don’t allow AI experiments to become quiet business risksSponsored by alice.io
The Expert View: Reducing cyber-risk across OT and critical infrastructureSponsored by Claroty
The Expert View: Transforming security through risk intelligenceSponsored by Obrela
Winston House, 3rd Floor, Units 306-309, 2-4 Dollis Park, London, N3 1HF
23-29 Hendon Lane, London, N3 1RT
020 8349 4363
© 2025, Lyonsdown Limited. teiss® is a registered trademark of Lyonsdown Ltd. VAT registration number: 830519543