Spanish flag carrier airline.
In November 2025, Spanish airline Iberia disclosed a data breach originating from a compromised third-party supplier - a vulnerability in the Collins Aerospace vMUSE passenger-processing system. The Everest ransomware group claimed responsibility and, after its ransom deadline passed, published the stolen data (~596GB of internal company data). Exposed customer data included names, email addresses, and Iberia Club loyalty-card numbers; account passwords and financial/banking details were not accessed.
ObscureIQ assessment: Exposure enables travel fraud, phishing, booking impersonation, and physical-world targeting. Itinerary and loyalty data can also reveal movement patterns and likely absence from home.
The identity, contact, and loyalty data supports targeted phishing and loyalty-account fraud against travelers; no credentials or payment data were exposed.
Spanish flag carrier airline.
Airlines collect passenger identity, contact details, booking records, payment-adjacent information, itinerary data, loyalty accounts, and customer-service interactions across travel operations.
Field names are shown in full for clarity and search visibility. Canonical machine keys are emitted only in this page’s structured data.
Attribution and method are based on available breach intelligence. Reported attack vector: Third-Party Vendor.
If you believe your information may be included:
In November 2025, Spanish airline Iberia disclosed a data breach originating from a compromised third-party supplier - a vulnerability in the Collins Aerospace vMUSE passenger-processing system. The Everest ransomware group claimed responsibility and, after its ransom deadline passed, published the…
Verified fields include Email Address, Full Name, Phone Number.
Change reused passwords, enable MFA, and (if identity or financial data is involved) freeze your credit and monitor your accounts.
Every claim on this page is traceable. This breach draws on:
Enter your email to check whether your data appears in this breach. We’ll send a 6-digit code to confirm it’s your address.
Be the first to know when new breaches are disclosed. Free forever — confirm your email with a 6-digit code.
Executives, public figures, and high-visibility operators can receive tailored exposure intelligence and hardening guidance.
Request Consultation