Spain's flag carrier Iberia Airlines disclosed a significant data security incident in November 2025 that should put all customers on high alert. The breach, which occurred through a compromised third-party supplier, has exposed personal information and created new risks for travelers who have flown with the airline.
What happened in the Iberia cyberattack
Iberia detected unauthorized access to systems belonging to one of its suppliers, which led to the compromise of customer data. The airline began notifying affected passengers over a weekend in late November 2025, explaining that despite its security measures, attackers gained access to certain personal information.
The compromised data may include customer names, email addresses and Iberia Club loyalty card identification numbers. The good news is that account login credentials, passwords and financial details like banking or credit card information were not accessed.
The timing of the disclosure is notable. About a week before Iberia's customer notifications went out, a threat actor claimed on dark web forums to be selling 77 GB of alleged Iberia data for $150,000. While it remains unclear whether this separate data dump is connected to the customer breach, the incident highlights the multiple vulnerabilities facing modern airlines.
Immediate phishing risks for Iberia customers
If you're an Iberia customer, you need to be immediately aware of possible phishing attempts. The compromised information could be used to m
Source: https://www.acronis.com/en/blog/posts/iberia-airlines-data-breach-what-customers-need-to-know/
TPRM report: https://www.rankiteo.com/company/international-airlines-group-iag-
"id": "int1764396038",
"linkid": "international-airlines-group-iag-",
"type": "Breach",
"date": "11/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': None,
'industry': 'Aviation',
'location': 'Spain',
'name': 'Iberia Airlines',
'size': None,
'type': 'Airline'}],
'attack_vector': 'Third-party supplier compromise',
'customer_advisories': 'Customers notified of potential phishing '
'risks and advised to monitor for '
'suspicious activity',
'data_breach': {'data_encryption': None,
'data_exfiltration': 'Likely (based on dark web '
'claims)',
'file_types_exposed': None,
'number_of_records_exposed': None,
'personally_identifiable_information': ['Names',
'Email '
'addresses'],
'sensitivity_of_data': 'Moderate (no financial '
'or login credentials '
'exposed)',
'type_of_data_compromised': ['Personal '
'information',
'Loyalty program '
'data']},
'date_publicly_disclosed': 'November 2025',
'description': "Spain's flag carrier Iberia Airlines disclosed a "
'significant data security incident in November '
'2025, exposing personal information of customers '
'due to a compromised third-party supplier. The '
'breach led to unauthorized access to customer '
'data, including names, email addresses, and '
'Iberia Club loyalty card identification numbers. '
'A threat actor also claimed to be selling 77 GB '
'of alleged Iberia data on dark web forums for '
'$150,000, though the connection to the breach '
'remains unclear.',
'impact': {'brand_reputation_impact': 'Potential reputational '
'damage due to exposure of '
'customer data and dark '
'web claims',
'conversion_rate_impact': None,
'customer_complaints': None,
'data_compromised': ['Customer names',
'Email addresses',
'Iberia Club loyalty card '
'identification numbers'],
'downtime': None,
'financial_loss': None,
'identity_theft_risk': 'Increased risk due to exposed '
'personal information',
'legal_liabilities': None,
'operational_impact': None,
'payment_information_risk': 'None (financial details '
'not accessed)',
'revenue_loss': None,
'systems_affected': ['Third-party supplier systems']},
'initial_access_broker': {'backdoors_established': None,
'data_sold_on_dark_web': '77 GB of '
'alleged '
'Iberia data '
'offered for '
'$150,000 '
'(connection '
'to breach '
'unconfirmed)',
'entry_point': 'Compromised '
'third-party supplier',
'high_value_targets': None,
'reconnaissance_period': None},
'investigation_status': 'Ongoing (connection between breach and '
'dark web data sale unclear)',
'post_incident_analysis': {'corrective_actions': None,
'root_causes': 'Third-party supplier '
'vulnerability'},
'ransomware': {'data_encryption': None,
'data_exfiltration': None,
'ransom_demanded': None,
'ransom_paid': None,
'ransomware_strain': None},
'recommendations': ['Customers advised to be vigilant against '
'phishing attempts due to exposed personal '
'information'],
'references': [{'date_accessed': None,
'source': 'Iberia Airlines customer notification '
'(late November 2025)',
'url': None}],
'regulatory_compliance': {'fines_imposed': None,
'legal_actions': None,
'regulations_violated': None,
'regulatory_notifications': None},
'response': {'adaptive_behavioral_waf': None,
'communication_strategy': 'Customer notifications '
'sent in late November '
'2025',
'containment_measures': None,
'enhanced_monitoring': None,
'incident_response_plan_activated': 'Yes (customer '
'notifications '
'initiated)',
'law_enforcement_notified': None,
'network_segmentation': None,
'on_demand_scrubbing_services': None,
'recovery_measures': None,
'remediation_measures': None,
'third_party_assistance': None},
'title': 'Iberia Airlines Data Security Incident (November 2025)',
'type': 'Data Breach'}