Iberia discloses security incident tied to supplier breach
Iberia, the flag carrier airline of Spain, is notifying customers of a data breach stemming from a security incident affecting one of its third-party suppliers. The breach resulted in the exposure of customer data, including names, email addresses, and Iberia Club loyalty IDs. While Iberia states that customer accounts and passwords were not compromised, the airline is urging customers to remain vigilant for suspicious activity.
The airline confirmed the unauthorized access to a supplier’s systems and said it immediately activated its security protocols upon discovery. These measures included implementing technical and organizational controls to contain the incident, reinforcing account change protections, and increasing system monitoring. Iberia has also notified regulators and is actively investigating the breach in collaboration with the affected supplier.
Adding another layer of complexity, a threat actor is claiming to possess 77 GB of Iberia’s internal data and is attempting to sell it for $150,000. This data allegedly includes technical documentation related to A320 and A321 aircraft, AMP maintenance files, engine data, and internal documents, some of which contain signatures and certificates.
The threat actor is alleging that the stolen data is ISO 27001 and ITAR-classified. The purported reasons for selling include espionage, resale to competitors, or potential use by nation-state actors like China or Russia. Security professionals should consider the potential risk associated with this sensitive information being used for malicious purposes, particularly if the claims about the data’s classification are accurate.
Iberia is urging customers to be cautious of phishing attempts or other suspicious communications and to report any concerns to its call center at +34 900 111 500. Security teams should monitor for any indicators of compromise associated with Iberia’s systems or related to the compromised supplier, paying close attention to network traffic and unusual account activity. Additionally, organizations should be aware of the potential for the leaked data to be used in targeted attacks against individuals or organizations connected to Iberia.
To read the complete article, see: Security Affairs.