Iberia has admitted falling victim to a cyberattack following an unauthorised external access to one of its data repositories.
The Spanish carrier reported the incident to the Guardia Civil’s Central Operative Unit (UCO), the Spanish Data Protection Agency, and the National Cybersecurity Institute (INCIBE).
The airline stressed that flight safety and operational systems were never compromised.
According to a company spokesperson, the breach affected a communications repository hosted and managed by a third-party provider.
The system contained only limited, non-operational information, though some customer data was accessed.
The exposed information includes names, surnames and email addresses, and in fewer cases phone numbers and Iberia Plus membership numbers.
The airline insists that no complete or usable payment information, such as credit card details, was accessed, nor were account passwords or login credentials.
While some booking codes for future flights were extracted, Iberia says it has no evidence so far of fraudulent activity linked to them.
The company has contacted affected customers individually and has emailed all users to inform them of the incident.
The email also reiterates that no Iberia account credentials or passwords have been compromised.
Read more Andalucia news at the Spanish Eye.
