Iberia Customer Data Leak: Vendor Security Breach Exposes Personal Information

Are you aware of the most recent data breach at Iberia? The airline informed customers that a third-party vendor it had contracted experienced a security incident during which some customer data was compromised. Actually, Iberia is the flag carrier airline of Spain, meaning it’s the main airline representing the country. If you are a customer of Iberia, you may be wondering what happened.

What Was The Data Breach?​

The leaked data included:

• Customer names
• Email addresses
• Iberia Club loyalty numbers

The good news: passwords, log-ins, and bank information were not compromised. Iberia also instituted new security features, including verification codes for any account changes. They are also monitoring the situation for any suspicious behavior.

What Happened?​

The data breach was due to a third-party vendor's system being hacked and not the Iberia system itself. Reports from the hacker indicated they have 77 GB of Iberia data to sell online, including technical files relating to planes and maintenance. It is unclear if the compromised data includes customer information.

Have you ever questioned why companies take their time notifying you? Very often, they first learn what happened and secure their systems. I suspect Iberia gathered its evidence before sending out communications, which is a prudent way to handle it.

What Should The Customer Do?​

Iberia recommends for its customers to be careful with unfortunate emails or calls; and, again, to report any unusual activity to Iberia at +34 900111500.

This shows that even trusted companies can experience problems with data through vendors.

Why This Is Important​

This breach shows why vendor security is important. A company may have strong security on the inside, but its partners' poor security could unveil the customers' data. Iberia reacted quickly to mitigate the risks, however this breach should remind everyone to stay vigilant.