Overview
- Iberia began notifying customers over the weekend that a third‑party supplier was compromised, leading to unauthorized access to some personal data.
- The airline says exposed information may include names, email addresses, and Iberia Club identification numbers.
- Iberia reports no access to account passwords or banking and payment card details, and no evidence of fraudulent use so far.
- Response measures include activating security protocols, boosting verification before changing the email linked to accounts, increased monitoring, and notifying regulators.
- A separate online claim offering 77 GB of purported Iberia internal data for sale remains unverified, and its connection to this supplier incident is unknown.