Security Alert: Iberia Airlines Reports Customer Data Breach
Iberia Airlines, part of the International Airlines Group (IAG) along with British Airways and Aer Lingus, has notified its customers about a security incident that compromised personal information. The data breach originated through an Iberia supplier, underscoring the inherent risks to supply chain security.
The airline began sending notifications to customers over the weekend, revealing that the incident involved unauthorized access to a supplier’s systems.
Compromised Data
Iberia’s investigation indicates that compromised personal customer information could include:
- Nombre y apellidos.
- Email address.
- Loyalty card identification number (Iberia Club).
Iberia was emphatic in pointing out that no customer login credentials or financial details were accessed during the incident.
Iberia Response and Mitigation Measures
After detecting the incident, Iberia implemented “all the necessary technical and organizational measures” to contain the situation and recover. As part of these security measures:
- New controls have been implemented to prevent unauthorized changes to customer accounts. *Any customer attempting to change their password must now enter a verification code sent by the airline. *The company continues to monitor suspicious activity and has notified the relevant authorities.
Implications and Warning to Customers
Although Iberia claims to have no evidence that the stolen information is being used fraudulently, the airline urged customers to be alert for possible suspicious communications. The compromised information (name and email) could be used by attackers to create more credible and targeted phishing attacks.
Threat Context in the Airline Industry
The incident comes against a backdrop of growing threats directed at the aviation industry. Hackmanac previously revealed that a threat actor was attempting to sell a 77GB trove of passenger data for $150,000. Although it is unclear whether this haul is directly related to the Iberia breach, the incident highlights the value of passenger data to cybercriminals.
Additionally, other airlines such as Air France and Qantas have been linked to a sophisticated campaign targeting Salesforce customers, illustrating the breadth of supply chain attacks in the sector.
Conclusion
The Iberia Airlines security breach is a crucial reminder of the vulnerability of organizations to the security deficiencies of their suppliers. The airline has taken mitigation measures, but the main recommendation for customers is to increase vigilance against possible phishing attacks that seek to exploit compromised information to obtain access credentials or financial data.