Iberia airline detects serious data breach and activates security protocol

Spain's flag carrier airline Iberia, which carried a record 31.7 million passengers last year, informed its customers of a serious security incident on 23 November. The airline, owned by the Anglo-Spanish holding company IAG, detected a data protection breach that, fortunately, does not involve customers' payment details and passwords. Similar incidents have recently been reported by Logitech, Telefónica, Bank of America and Tesla.

According to Iberia, the incident happened when one of the company's technology providers detected unauthorised access. The company informed its customers that the data potentially exposed includes names and surnames, email addresses and identification numbers of Iberia Plus loyalty profiles.

However, Iberia said that passwords, account access credentials and full banking information had not been hacked. Therefore, there is no risk of fraudulent transactions.

The airline stated that it had immediately activated its security protocol. Measures taken include strengthening checks for changes to email addresses linked to accounts and continuous monitoring of its systems for suspicious activity. In addition, Iberia has reported the incident to the relevant data protection authority, in compliance with European and national legal requirements.

The company recommends that customers remain alert to any suspicious communications they may receive in the coming days, especially emails or messages attempting to impersonate Iberia to request personal information.

This cybersecurity incident comes just hours after the Spanish airline announced the temporary cancellation of all commercial flights to Venezuela. This suspension follows an alert issued by the US Federal Aviation Administration (FAA), which advised airlines to exercise extreme caution when flying over the area due to deteriorating security and increased military activity in Venezuelan airspace.