Travel Club operator Air Miles España hit by cyberattack exposing customer data

Air Miles España, the operator of Spain’s widely used Travel Club loyalty program, is facing a ransomware attack that threat actors claim resulted in the theft of 131 gigabytes of data containing millions of customer records. The Everest ransomware group posted the allegation and set a ransom deadline, stating that Air Miles España had six days to respond.

The attackers asserted that the stolen data includes customer names, email addresses, account identifiers, demographic details, activity logs, and marketing information. Samples shared by the group consist of screenshots displaying CSV files with full customer information and loyalty program data. Indicators from the incident show that the intruders extracted confidential material before encrypting internal systems, a pattern consistent with Everest’s double extortion model.

Travel Club serves more than six million users across Spain and allows members to earn points through partnerships with major national brands in retail, travel, fuel, and online commerce. Its collaborations include large companies such as Repsol, Eroski, and Iberia, giving the platform a central role in the Spanish loyalty and advertising market.

The potential exposure of Travel Club data extends beyond individual consumers. The platform’s analytics and promotional systems support a broad network of marketing partners, retailers, and advertisers, creating potential disruptions across the wider ecosystem. The scale of the alleged breach raises the likelihood of increased social engineering attempts targeting customers, as well as scrutiny from regulators and reputational harm for the company.

Everest remains one of the most active ransomware groups operating today. The group has targeted major global organizations and became widely recognized after a 2021 emergence and a high-profile attack on AT&T in October 2022. Its recent activity includes incidents involving Petrobras in Brazil and the international apparel brand Under Armour.

Air Miles España had not publicly confirmed the breach or the attackers’ claims. The company was assessing the situation as the ransomware group continued to demand payment.