Spanish flag carrier Iberia has become the latest victim of a cyberattack: customer data was exposed, while a threat actor is offering 77 GB of alleged internal documentation on the dark web.
Iberia — Spain’s largest airline and part of the International Airlines Group — has notified customers of a data exposure incident. According to the airline, the breach occurred due to unauthorized access to one of its suppliers’ systems rather than its own infrastructure.
In a notice obtained by threat intelligence platform Hackmanac, Iberia states that leaked data may include customers’ names, email addresses, and Iberia Club loyalty card numbers. Login credentials, passwords, and payment data were not compromised.
Meanwhile, a dark web threat actor claims to possess “77 GB of data extracted directly from Iberia’s internal servers,” offering the archive for $150,000. The files allegedly include A320/A321 technical documents, AMP maintenance files, engine data, and other internal materials that could be valuable for industrial espionage or supply-chain attacks.
It remains unclear whether the two incidents are connected: the listing does not mention customer data, while Iberia links its breach to an unnamed third-party vendor. Researchers warn that the leaked technical files increase risks of social engineering, targeted phishing, and reconnaissance against staff, partners, and maintenance workflows. This incident follows a growing wave of cyberattacks on airlines, including breaches at American Airlines, WestJet, Qantas, Hawaiian Airlines, and Delta in the past year.
The aviation sector is an attractive target due to complex IT ecosystems, extensive reliance on external providers, and high reputational stakes. Supply-chain weaknesses often allow attackers to access sensitive data without breaching the airline directly.
The Iberia breach highlights the escalating cyber risks facing global airlines. Whether or not the data sold on the dark web is linked to the customer breach, both incidents expose critical vulnerabilities — from social engineering to industrial espionage. Strengthening supplier oversight and transparent communication with passengers is essential.
