Another airline just had a data leak
Summary
-
Iberia breached the names, email addresses and identification numbers of Iberia Club customers through a third-party vendor.
-
There is no evidence that passwords or payment data were stolen, but phishing and account misuse remain risks.
-
The threat actor offered 77 GB of Iberia data for sale; Airline systems and technical documents may be impacted.
Airline violations are pretty serious because even if you don’t fly every day, airlines keep a wealth of information about you, especially if you sign up for their frequent flyer programs. It’s not a US airline, but if you’ve ever flown to Spain, you might want to keep reading.
Iberia, Spain’s national airline, has started notifying its customers of a data security incident resulting in the disclosure of personal information. The breach, which the airline attributes to a compromise within its supply chain, prompted an investigation by data protection authorities and raised concerns about possible phishing campaigns targeting travelers. According to notifications sent to affected passengers, first analyzed by threat intelligence platform Hackmanac, the unauthorized access occurred within the systems of a third-party service provider used by Iberia. The breach allowed attackers to view and exfiltrate specific customer information.
Iberia has confirmed that the compromised data points include customer first and last names, email addresses associated with booking profiles and Iberia Club rewards program identification numbers. The airline also said that there is currently no evidence to suggest that account login credentials (passwords) or sensitive financial data, such as credit card numbers or banking details, were accessed during the intrusion.
About seven days before the customer notifications, a threat actor appeared on a cybercrime forum, claiming to have successfully hacked the airline. The individual attempted to sell a 77GB data set for $150,000, alleging that the data was “pulled directly from internal servers.” The forum post listed the contents of the stolen cache as voluminous technical documentation rather than customer databases – primarily items such as technical data on Airbus A320 and A321 aircraft, AMP maintenance files, engine specifications and various internal documents.
It is unclear whether the customer notification Iberia discusses in this disclosure was extracted as part of the breach. If anything, this other violation is more devastating to the airline itself than to customers. But if it contains customer data, you may still want to take steps to change your passwords or perhaps spend your Iberia Club points before someone else does.
Source: sleeping computer
