Breaking: Iberia Confirms Customer Data Leak

Did hackers break into Iberia, and is my travel information at risk?
Yes. On November 23, 2025, Iberia confirmed a security breach that exposed customer names, email addresses, and loyalty numbers after a third-party supplier gained access to them without permission. Iberia says that no one was able to get into passwords or payment card information, and they told the police and Spanish data protection authorities.

The Iberia data breach has made millions of travelers nervous and raised new concerns about the safety of airline supply chains in Europe. Companies that handle reservations, loyalty programs, and communications are good targets. This article talks about what happened, who says they are responsible, what was probably taken, and what passengers can do right now to protect themselves and their rights. The information below is based on statements from Iberia and independent cybersecurity news.

What happened in the Iberia data breach, and how did it happen?

Iberia said that hackers were able to get into the systems of an outside supplier that the company used for communication and data exchange without permission. The airline told customers that it found out about the incident in late November 2025 and immediately put its incident response plans into action. Iberia stressed that the safety systems on the flight were not affected.

The person who committed the crime posted claims and data lists on cybercrime forums for everyone to see. Early posts said that the dataset was between 77 and several hundred gigabytes, but some vendors and analysts gave different totals. The Everest ransomware group publicly took credit for the attack and asked for a ransom. Other reports say that the attackers offered parts of the data for sale. There is some doubt about the full size and exact contents of the leak because many criminals have been involved in posting and selling files.

What kinds of customer information were made public?

Iberia and several other independent reports say that the exposed fields included customers' full names, email addresses, and Iberia Club loyalty membership numbers. Some reports also mention phone numbers and reservation codes for some of the bookings. The airline also said that it has no proof that passwords or full payment card details were accessed, which is important. Some threat posts, on the other hand, say that internal technical files and operational documents were also stolen, but the airline has not been able to confirm that claim on its own.

Who is to blame, and what are the ransom demands?

A criminal group that went by the name Everest said they were responsible and asked for about six million US dollars to keep the data from being released. Researchers and news outlets have reported that Everest has previously gone after businesses in the travel and logistics sectors. Still, people are always careful when it comes to cybercrime. There are still some things that haven't been confirmed, like the exact number of internal documents that are said to be in the trove and whether all of the published listings really came from Iberia systems.

Passengers should take these steps right away.

• Look in your email for an official message from Iberia and follow the steps to verify. Iberia started getting in touch with customers who were affected.
• If you used the same password for more than one account, change the passwords for your travel and email accounts. Iberia said that passwords were not leaked, but hackers often use information from many breaches. Make sure each account has a strong, unique password.
• If you can, turn on two-factor authentication for your email and Iberia accounts. Iberia said that they had put in place extra controls, such as needing confirmation for email changes.
• Keep a close eye on your bank and credit card statements for charges you don't know about. Iberia said there was no proof that bank information was accessed, but it's still a good idea to be careful.
• If you see strange activity or your personal information shows up in dark web listings, you might want to freeze your credit or sign up for credit monitoring. You can pay for extra protection from identity theft services.
• If you have Iberia Club points, check your account activity and get in touch with Iberia right away if you see any redemptions that don't make sense. In recent airline incidents, point theft has happened to some loyalty accounts around the world.

Why a supplier breach is important and the bigger risks it poses

When an airline uses third-party companies to handle communications, ticketing, or loyalty programs, those companies often have a lot of customer data. If that vendor's security is broken, the airline's security is also broken because the vendor had legal access to passenger records. This is known as a third-party vendor breach, and it is one of the most common reasons for data breaches today.

Attackers can do a lot of bad things with that exposure. They can send travelers fake phishing emails, try to use stolen credentials on other services, or sell contact lists on the dark web. Attackers may be able to transfer points or pretend to be members to change bookings if they get their hands on stolen loyalty data. Even though the criminals didn't get any financial information or passwords in this case, the leaked names and emails are still useful to them.

Optional example or situation

A similar event happened recently with a loyalty vendor that several carriers used. Emails and phone numbers of members were leaked, which led to a lot of phishing and a few fake award redemptions. That case showed how hackers put together small pieces of data from different breaches to make scams that work. Airlines now often require immediate password resets and extra authentication after supplier incidents, learning from that example. The Iberia response is similar to those lessons, but it also includes more monitoring and notifications to law enforcement.

Important insights

Pros

• Iberia found out about the incident, let affected customers know, and said it worked with the authorities and the national cybersecurity center. Prompt notification is important for following the law and keeping customers safe.
• The airline says that no payment card or password information was leaked, which lowers the risk of fraud right away if this is true. This focus makes the direct harm vector smaller.

Disadvantages and unanswered questions

• There is still disagreement about the size and contents of the dataset. Threat actors posted files with different sizes and descriptions, making it hard to figure out how far the breach went. It is still not possible to independently verify what was taken.
• Supplier ecosystems put you at risk of repeated exposure. Even companies with strong controls can be hacked, and the chain of trust is only as strong as its weakest link. This event shows how travel technology stacks are weak in a lot of ways.

Frequently Asked Questions with Short Answers

Q: Did someone break into Iberia?
Yes. In late November 2025, Iberia said that someone had accessed a supplier system without permission and told customers who were affected.

Q: What information was stolen in the Iberia breach?
A: The data that was reported includes names, email addresses, and Iberia Club loyalty numbers. Some sources give phone numbers and booking codes for some records. Iberia says that no one was able to get to passwords or bank card numbers.

Q: How do I find out if my information was in the Iberia leak?
A: Check your Iberia Club account for any strange activity and look for an email from Iberia. If you're not sure, call Iberia customer service or their data protection officer and tell them about any strange messages.

Q: Will Iberia pay for the data breach?
A: Under GDPR, EU residents who are affected may have the right to compensation if they can show harm. The investigation results and legal claims will decide if Iberia will pay and how much. If you want to make a claim, get legal advice.

Last Thoughts

The Iberia data breach shows that travel companies and their suppliers have sensitive, valuable information. If you've flown with Iberia, check any official messages, make your account more secure, and keep an eye on your bank statements.

If you got emails that looked suspicious and mentioned recent bookings, treat them as possible phishing attempts and check directly with the official Iberia website or phone line. If you see any unauthorized activity, tell your bank and Iberia about it. If you live in the EU and think your personal information has been stolen, you might want to look into credit monitoring or talk to a data protection adviser.

You can also read these important cybersecurity news articles on our website.

·       Apple Update,

·       Windows Problem,

·       Chrome Update,

·       WordPress Issue

·       Apple os update

For more, please visit our Homepage and follow us on X (Twitter) and LinkedIn for more cybersecurity news and updates. Stay connected on YouTube, Facebook, and Instagram as well. At Hoplon Infosec, we’re committed to securing your digital world. 

Author: Hoplon InfoSec
Bio: Digital security enthusiast and securing individuals’ digital assets for over 10 years. 
Connect us via [email protected]
Address: 1415 W 22nd St Tower Floor, Oak Brook, IL 60523, United States
Phone: +1 773-904-313 
About/Privacy: At Hoplon InfoSec, we provide expert insights into cybersecurity. Our editorial policy: all articles are written by in-house specialists or thoroughly reviewed by them to ensure accuracy, credibility, and up-to-date information.