Overview
- Iberia says unauthorized access to a supplier’s systems exposed limited customer details, including names, email addresses, and Iberia Club loyalty IDs.
- The airline reports that account credentials and banking or card information were not compromised and says it has seen no evidence of fraudulent use to date.
- New protections require a verification code before changing the email linked to customer accounts, with heightened monitoring and regulator notifications in place.
- The disclosure follows an online claim offering 77 GB of purported Iberia data for sale, a listing that remains unverified and not clearly connected to the supplier incident.
- Iberia is investigating with the supplier and urges customers to be alert for suspicious messages and to report anomalies to its call center.