Another major airline hacked, customer data exposed

Another day, another airline hit. This time, it’s the Spanish flag carrier Iberia notifying customers of a data security incident, allegedly caused by a compromise at one of its suppliers.

According to the airline, unauthorized access to a supplier’s systems led to the exposure of certain customer data.

Iberia’s breach notification, seen by threat intelligence platform Hackmanac, suggests that the data might include:

1. Customer's name and surname
2. Email address
3. Loyalty card (Iberia Club) identification number

In the email, the airline claims that customers’ Iberia account login credentials and passwords weren’t compromised. Banking or credit card details weren’t accessed either.

🚨Cyber Alert‼️

🇪🇸Spain - Iberia

Iberia Airlines reports a security incident involving unauthorized access to an external provider, exposing customer names, emails, and Iberia Club loyalty IDs.

Sector: Air Transport
Threat class: Cybercrime

Status: Confirmed pic.twitter.com/wFwtBSrfZu

undefined Hackmanac (@H4ckmanac) November 23, 2025

“As soon as we became aware of the incident, we activated our security protocol and procedures and implemented all necessary technical and organizational measures to contain it, mitigate its effects, and prevent its recurrence,” says the notification, sent out in Spanish.

Iberia – Spain’s largest airline and part of the International Airlines Group – disclosed the incident a few days after a threat actor claimed on the dark web to have access to 77GB of data stolen from the airline and was attempting to sell it for $150,000.

In the forum post, the threat actor claimed the data was extracted “directly from the airline’s internal servers,” and contained A320/A321 technical data, AMP maintenance files, engine information, and other internal documents.

The material is also being “marketed” for industrial espionage, resale to competitors, or potential use by governments of China or Russia.

It wasn’t immediately clear whether the purported data dump was related to Iberia’s incident. The listing doesn’t mention the customer information Iberia says was exposed, and the airline attributes the breach to an unnamed third-party vendor.

We have contacted Iberia’s press team for clarification and will update the article once we receive a response from the airline.

According to the Cybernews researchers, the data snippets posted by the threat actor increase the risk of social engineering and, possibly, supply chain attacks.

“It may also lead to regulatory scrutiny and reputational damage because the leaked documents reveal internal processes and sensitive operational details. Threat actors could also use this info for reconnaissance that can be later exploited to target staff, vendors, and maintenance workflows,” our researchers said.

Either way, airlines are increasingly targeted by threat actors. In October, American Airlines was breached in the ClOp Oracle attack spree, and in August, Canada’s WestJet also confirmed a cyber breach.

There was also the Qantas cyberattack and a ransomware hit on Hawaiian Airlines earlier in the year. And Delta Airlines also suffered massively in 2024 after having to delay thousands of flights after a widespread IT outage.

The Cybernews community is talking about this. Be a part of the conversation.

Why are airlines being targeted? Cybernews researchers suggest that the trend may have emerged due to a larger attack surface, as the aviation industry often involves numerous third-party providers, which increases the potential for weak links to be identified and exploited.

“Besides, airlines are highly visible brands with a lot of public trust on their shoulders. Disrupting operations or leaking their data can cause reputational damage, giving attackers more leverage,” our researchers point out.

---

Unlock more exclusive Cybernews content on YouTube