Spanish flag carrier Iberia has begun notifying customers of a data security incident stemming from a compromise at one of its suppliers.
The disclosure comes days after a threat actor claimed on hacker forums to have access to 77 GB of data allegedly stolen from the airline.
Customer data affected
Iberia, Spain's largest airline and part of IAG (International Airlines Group), says unauthorized access to a supplier's systems resulted in the exposure of certain customer information.
According to an email seen by threat intelligence platform Hackmanac, the compromised data may include:
Customer's name and surname Email address Loyalty card (Iberia Club) identification number
The airline says customers' Iberia account login credentials and passwords were not compromised, nor was any banking or payment card information accessed.
Iberia notice of security incident emailed to customers (Hackmanac on X)
"As soon as we became aware of the incident, we activated our security protocol and procedures and implemented all necessary technical and organizational measures to contain it, mitigate its effects, and prevent its recurrence," states the security notice mailed out in Spanish.
Iberia says it has added additional protections around the email address linked to customer accounts, now requiring a verification code before any changes can be made.
... continue reading