Iberia Airlines Data Breach
Iberia Airlines Data Breach
Status: Confirmed
21.3M
records
Vendor breach
Nov 2025
Breach Overview
Threat Actor
Everest (claimed)
Vector
Compromised third-party supplier
Date of Disclosure
Late November 2025
Records Exposed
~21,292,179
Claimed Data Volume
596GB (ransom claim)
77GB (forum sales listing)
77GB (forum sales listing)
Summary
In late November 2025, Iberia Airlines disclosed a data breach resulting from unauthorized access to a third-party supplier’s systems. Iberia confirmed customer data exposure but stated its internal airline systems were not directly compromised.
Roughly one week prior to customer notifications, a threat actor advertised Iberia-related data for sale on hacking forums. The relationship between the advertised dataset and the confirmed customer breach remains unclear.
The situation was reported as contained, but the exposed data is now considered at-risk for misuse.
About Iberia Airlines
Iberia is Spain’s flag carrier and part of International Airlines Group (IAG), alongside British Airways, Aer Lingus, and Vueling. Iberia operates a global route network and manages millions of customer loyalty accounts through the Iberia Club program.
If you have:
- Flown with Iberia
- Created an Iberia Club account
- Stored contact details for bookings
Your information may be affected, even if you have not traveled recently.
Data Points Exposed
Confirmed exposed fields include:
Full names
Email addresses
Phone numbers
Iberia Club loyalty card ID numbers
Not exposed, per Iberia:
Account passwords
Banking information
Full credit card numbers
Loyalty identifiers still carry meaningful fraud and phishing risk.
Threat Actor Activity
- Everest ransomware group demanded $6M
- Separate actor claimed to sell 77GB of Iberia-related data for $150,000
- Claimed contents included internal documentation and technical aircraft materials
- Iberia has not confirmed the authenticity or scope of the alleged internal data listings.
Impact
This breach raises moderate-to-high phishing risk for affected customers.
Primary threats include:
- Loyalty account phishing
- Airline-branded refund or compensation scams
- Fake itinerary or mileage adjustment emails
- Social engineering using known travel behavior
- Account takeover attempts via email control
Airline-related scams are highly effective due to urgency and travel stress.
Recommendations for Impacted Individuals
Act defensively. Do not assume this is harmless.
Secure Your Email
Enable MFA immediately
Watch for Targeted Phishing
Messages claiming refunds or breach compensation
Requests to “verify” Iberia Club details
Links mimicking Iberia login pages
Requests to “verify” Iberia Club details
Links mimicking Iberia login pages
Avoid Loyalty Account Reuse
Do not reuse airline credentials elsewhere
Change passwords even if Iberia says they were not accessed
Change passwords even if Iberia says they were not accessed
Monitor for Long-Delay Scams
Airline breach phishing often appears months later
Attackers wait for attention to fade
Attackers wait for attention to fade
ObscureIQ Advisory
Third-party vendor breaches are harder to detect and easier to underestimate. Loyalty identifiers and verified contact data are frequently chained into broader social engineering and account compromise campaigns.
If you are an ObscureIQ client, this breach can be checked against your active exposure profile. If not, a digital footprint audit can determine whether your data appears in this incident or related datasets already circulating.
This breach is contained operationally.
The data risk is not.
Credit
What Is Credit Monitoring? And Do I Want It? (Answer: Not Really)
July 14, 2025
Every time there’s a major data breach, companies scramble to offer “free” credit monitoring. It sounds like a responsible move.…
Credible Threats
Lock Down Browsers. Wipe Employee Footprints. Win Breach Wars.
September 2, 2025
Lock Down Browsers. Wipe Employee Footprints. Win Breach Wars. Over 80% of security incidents now start in the browser. Chrome.…
Analysis
Sextortion Spam
May 10, 2025
Sextortion scams aren’t new, but they remain one of the most effective forms of cyber-enabled fraud. These scams don’t rely…
Contact ObscureIQ for a free breach impact check.
If you believe your information may be part of this breach,or want confirmation across other datasets,
We use a multi-layered intelligence stack, combining public and restricted dark-web sources, to confirm whether your data is in circulation.
