• Home
  • cyber
  • Iberia Airlines and Third-party vendor: Iberia Airlines in Spain Hit by Major Cyberattack as Passenger Data Theft Sparks Tourism Security Concerns Across Europe
cyber Ransomware

Iberia Airlines and Third-party vendor: Iberia Airlines in Spain Hit by Major Cyberattack as Passenger Data Theft Sparks Tourism Security Concerns Across Europe

Dec 1, 2025 3 min read
Iberia Airlines and Third-party vendor: Iberia Airlines in Spain Hit by Major Cyberattack as Passenger Data Theft Sparks Tourism Security Concerns Across Europe

Iberia Airlines Hit by Major Cyberattack as Everest Ransomware Group Steals Passenger Data

Iberia Airlines, one of Spain’s leading carriers, has suffered a significant cyberattack resulting in the theft of sensitive passenger data. The breach, attributed to the Everest ransomware group, exposed approximately 596 GB of information, including frequent flyer records, personal details, and travel booking data. While full payment card details remained secure, attackers claimed to have accessed partially masked credit card information, raising concerns over potential phishing and fraud risks.

The incident occurred after unauthorized access was gained through a third-party vendor, highlighting vulnerabilities in aviation’s interconnected digital infrastructure. The Everest group demanded a $6 million ransom, threatening to release or sell the stolen data if unpaid a move that could fuel large-scale fraud and reputational damage for Iberia and Spain’s tourism sector.

Affected passengers, particularly Iberia Club members, were notified of the breach, with the airline confirming no immediate fraudulent activity had been detected. However, travelers were advised to remain vigilant against phishing attempts, as stolen data including names, emails, and travel histories could be exploited for targeted scams.

This attack follows a pattern of high-profile cyber incidents in Europe’s aviation sector, including Everest’s previous disruption of the MUSE check-in platform in September 2025, which caused delays at major airports like London Heathrow and Berlin Brandenburg. The breach underscores the growing cybersecurity risks facing airlines, airports, and tourism-dependent economies, as digital transformation increases reliance on vulnerable third-party systems.

With Spain’s tourism industry heavily dependent on secure digital operations, the incident has reignited calls for stronger cybersecurity measures across Europe’s aviation and travel sectors. The breach serves as a stark reminder of the evolving threats to passenger data and the operational integrity of global air transport networks.

Source: https://www.travelandtourworld.com/news/article/iberia-airlines-in-spain-hit-by-major-cyberattack-as-passenger-data-theft-sparks-tourism-security-concerns-across-europe/

ThirdPartyTrust, a Bitsight company cybersecurity rating report: https://www.rankiteo.com/company/thirdpartytrust

Iberia cybersecurity rating report: https://www.rankiteo.com/company/iberia

"id": "THIIBE1774081558",
"linkid": "thirdpartytrust, iberia",
"type": "Ransomware",
"date": "12/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'customers_affected': 'Passengers, particularly Iberia '
                                              'Club members',
                        'industry': 'Aviation',
                        'location': 'Spain',
                        'name': 'Iberia Airlines',
                        'type': 'Airline'}],
 'attack_vector': 'Third-party vendor compromise',
 'customer_advisories': 'Passengers advised to remain vigilant against '
                        'phishing attempts.',
 'data_breach': {'data_exfiltration': 'Yes (596 GB stolen)',
                 'personally_identifiable_information': 'Names, emails, travel '
                                                        'histories',
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Frequent flyer records',
                                              'Personal details',
                                              'Travel booking data',
                                              'Partially masked credit card '
                                              'information']},
 'description': 'Iberia Airlines, one of Spain’s leading carriers, has '
                'suffered a significant cyberattack resulting in the theft of '
                'sensitive passenger data. The breach, attributed to the '
                'Everest ransomware group, exposed approximately 596 GB of '
                'information, including frequent flyer records, personal '
                'details, and travel booking data. While full payment card '
                'details remained secure, attackers claimed to have accessed '
                'partially masked credit card information, raising concerns '
                'over potential phishing and fraud risks.',
 'impact': {'brand_reputation_impact': 'Reputational damage for Iberia and '
                                       'Spain’s tourism sector',
            'data_compromised': '596 GB of sensitive passenger data',
            'identity_theft_risk': 'High (stolen personal details, travel '
                                   'histories, and partially masked credit '
                                   'card information)',
            'operational_impact': 'Potential phishing and fraud risks; '
                                  'reputational damage to Iberia and Spain’s '
                                  'tourism sector',
            'payment_information_risk': 'Partially masked credit card '
                                        'information accessed'},
 'initial_access_broker': {'data_sold_on_dark_web': 'Threatened if ransom '
                                                    'unpaid',
                           'entry_point': 'Third-party vendor'},
 'lessons_learned': 'Highlights vulnerabilities in aviation’s interconnected '
                    'digital infrastructure, particularly third-party systems; '
                    'underscores growing cybersecurity risks in the aviation '
                    'and tourism sectors.',
 'motivation': 'Financial gain',
 'post_incident_analysis': {'root_causes': 'Unauthorized access through a '
                                           'third-party vendor; '
                                           'vulnerabilities in interconnected '
                                           'digital infrastructure'},
 'ransomware': {'data_exfiltration': 'Yes',
                'ransom_demanded': '$6 million',
                'ransomware_strain': 'Everest'},
 'recommendations': 'Stronger cybersecurity measures across Europe’s aviation '
                    'and travel sectors; enhanced third-party vendor security '
                    'assessments; improved passenger data protection '
                    'protocols.',
 'references': [{'source': 'Cyber incident report'}],
 'response': {'communication_strategy': 'Affected passengers notified; '
                                        'advisories issued against phishing '
                                        'attempts'},
 'threat_actor': 'Everest ransomware group',
 'title': 'Iberia Airlines Hit by Major Cyberattack as Everest Ransomware '
          'Group Steals Passenger Data',
 'type': 'Ransomware'}
Published by
Jeremy C
Jeremy C
You might also like
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.