Iberia Airlines 2025 Data Breach

Iberia Airlines Breach (2025): 21 Million Customer Records Including Name, Email & Phone Exposed via Everest Ransomware | ObscureIQ
ObscureIQ Breach Intelligence

Classification Tags

EverestThird-Party VendorTravel: AirEmail AddressFull NamePhone Number
Low SeverityWebsite / service breach

Iberia Airlines Breach (2025): 21 Million Customer Records Including Name, Email & Phone Exposed via Everest Ransomware

Spanish flag carrier airline.

Verified by ObscureIQ Intelligence
30/100Breach Risk Index
5Data Value
40Market Recency
208dSince Breach

Breach Intelligence Summary

Entity: Iberia Airlines · Actor: Everest · Sources: 2 references
Attack: Third-Party Vendor
Profile: Company · Passenger air transportation · Commercial airline · Spain / Global
Timeline: Breach (2025-11-25) · Indexed (Dec 12, 2025) · Year (2025)
Exposure: 21.3M records · 3 fields: Email Address, Full Name, Phone Number
Status: Confirmed

Executive Summary

In November 2025, Spanish airline Iberia disclosed a data breach originating from a compromised third-party supplier - a vulnerability in the Collins Aerospace vMUSE passenger-processing system. The Everest ransomware group claimed responsibility and, after its ransom deadline passed, published the stolen data (~596GB of internal company data). Exposed customer data included names, email addresses, and Iberia Club loyalty-card numbers; account passwords and financial/banking details were not accessed.

ObscureIQ assessment: Exposure enables travel fraud, phishing, booking impersonation, and physical-world targeting. Itinerary and loyalty data can also reveal movement patterns and likely absence from home.

Breach Impact

The identity, contact, and loyalty data supports targeted phishing and loyalty-account fraud against travelers; no credentials or payment data were exposed.

About Iberia Airlines

Spanish flag carrier airline.

Why They Hold Your Data

Airlines collect passenger identity, contact details, booking records, payment-adjacent information, itinerary data, loyalty accounts, and customer-service interactions across travel operations.

Data Points Exposed

3 verified field types
Email Address
Full Name High
Phone Number

Field names are shown in full for clarity and search visibility. Canonical machine keys are emitted only in this page’s structured data.

Exploitation & Downstream Threats

Threat Activity:Moderate
Primary downstream threats:
  • SIM swap attacks where phone numbers are present
  • Targeted phishing campaigns using exposed email addresses
Threat vectors:
  • Phishing, credential stuffing & account takeover
  • Name-based social engineering
  • SIM swapping, vishing & SMS phishing

Threat Actor: Everest

Everest
Third-Party Vendor

Attribution and method are based on available breach intelligence. Reported attack vector: Third-Party Vendor.

Recommended Actions

If you believe your information may be included:

Enable MFA Everywhere
Turn on multi-factor authentication on email first, then financial accounts.
Report & Recover
If you spot misuse, start an official recovery plan and report fraud.

Frequently Asked Questions

What happened in the Iberia Airlines breach?

In November 2025, Spanish airline Iberia disclosed a data breach originating from a compromised third-party supplier - a vulnerability in the Collins Aerospace vMUSE passenger-processing system. The Everest ransomware group claimed responsibility and, after its ransom deadline passed, published the…

What data was exposed?

Verified fields include Email Address, Full Name, Phone Number.

What should I do if I was affected?

Change reused passwords, enable MFA, and (if identity or financial data is involved) freeze your credit and monitor your accounts.

Sources & References

Every claim on this page is traceable. This breach draws on:

Breach Index
DataBreach.com
Record & field corroboration
ObscureIQ Intelligence
ObscureIQ proprietary analysis
Risk Index scoring & downstream-threat assessment

Protect Yourself

Check If You're Affected

Enter your email to check whether your data appears in this breach. We’ll send a 6-digit code to confirm it’s your address.

Get Free Breach Alerts

Be the first to know when new breaches are disclosed. Free forever — confirm your email with a 6-digit code.

High-Risk? Get an Exposure Audit

Executives, public figures, and high-visibility operators can receive tailored exposure intelligence and hardening guidance.

Request Consultation