Spanish airline Iberia has reported a serious incident involving a leak of customer personal data. As a result of a cyberattack, hackers gained access to the information storage where names, surnames, email addresses, and, in some cases, phone numbers and loyalty program member IDs were kept. The company emphasizes that flight safety and operational systems were not affected.
Взлом произошел на стороннем сервисе, который использовался для обмена информацией между Iberia и ее партнерами. В этом хранилище не содержались данные о платежных картах или пароли от личных кабинетов, что позволило избежать более серьезных последствий. Тем не менее, часть информации о будущих бронированиях также оказалась в распоряжении злоумышленников.
Iberia’s response and actions to protect customers
After discovering the incident, the company immediately contacted specialized authorities, including the cybercrime division, as well as notified the national cybersecurity center and the data protection agency. At the same time, additional security measures were implemented to prevent such cases from recurring.
For customers whose data may have been compromised, Iberia has introduced two-factor authentication for managing bookings. This means that any ticket changes now require identity verification, making fraudulent activity significantly more difficult. In addition, the company has sent notifications to all affected users with detailed instructions on the next steps.
Which data was at risk
As a result of the attack, only limited information was obtained: first and last names, email addresses, and in some cases, phone numbers and Iberia Club membership IDs. No payment card data, passwords, or other sensitive details were compromised. Nevertheless, the company advises customers to remain vigilant and closely monitor any suspicious emails or phone calls.
It is also known that some booking codes for future flights ended up in the hands of cybercriminals. So far, there have been no reports of unauthorized use of this data, but Iberia continues to monitor the situation and is ready to respond promptly to any incidents.
Customer support and next steps
A dedicated, toll-free support line has been set up for anyone potentially affected by the breach. Customers can report any suspicious activity related to their bookings or personal information. The company apologizes for any inconvenience and emphasizes that customer safety remains a top priority.
Iberia plans to conduct an additional audit of its digital systems and review its data storage policies in the near future to minimize future risks. As cyber threats increase, the airline intends to invest in advanced data protection technologies and staff training.
This incident serves as a reminder of the importance of digital security for everyone in the industry. Iberia urges customers to remain vigilant and not share their information with third parties; if they have any concerns, they should contact customer support immediately.
