Spanish flag carrier Iberia has become the latest international airline to admit that it has fallen victim to a massive cyber attack after hackers were able to gain access to a computer system that stores a treasure trove of customer data.
Iberia started to notify affected customers of the hack attack on Sunday in an email which was sent out in Spanish. The airline says the data was stored on a third-party vendor’s computer system.
While Iberia didn’t specify its supplier, a number of major brands that use customer support software supplied by the US-based company Salesforce have suffered cyber attacks in the last few months.
Interestingly, however, the first airline to be linked to the Salesforce attack was Qantas, which first detected a systems breach back in July. Since then, several other airlines have also come forward as victims of the same attack, including Air France and Dutch flag carrier KLM.
Iberia says the hackers may have been able to steal customer names, along with their email addresses and frequent flyer numbers.
More sensitive information, like credit card information and passwords, has not been compromised.
Hackers could, however, use the stolen data to target customers with a type of scam known as phishing, in which scammers send their victims an email that looks like it came from the airline or other legitimate company.
Phishing scams normally try to get victims to click on a link within the email that will usually do one of two things:
- Clicking the link will install malware on the victim’s computer, which can then be used by hackers to view sensitive information like bank login data, etc.
- Or it will redirect passengers to a fake website designed to look like the airline’s own site, whereby passengers hand over personal details which can then be used by the fraudsters.
In the email sent to customers, Iberia said: “The purpose of this communication is to inform you that, unfortunately, Iberia Airlines of Spain has detected a security incident related to unauthorized access to the systems of an Iberia supplier, which has compromised the confidentiality of certain data.”
The email continued: “As soon as we became aware of the incident, we activated our security protocol and procedures and adopted all the necessary technical and organizational measures to contain it, mitigate its effects, and prevent it from happening again in the future.”
Bizarrely, news of the data theft comes just a week after claims were made on an online message board that hackers had managed to steal 77 GB of sensitive commercial information from Iberia’s own internal computer systems.
The person behind the post claimed the data included technical data for Airbus A320 and A321 aircraft, as well as AMP maintenance files, engine information, and other internal documents.
The data was being put up for sale for $150,000, although its authenticity has not been verified, and Iberia has not commented on these allegations.
Iberia is part of the IAG airline group, which is based in Madrid but also owns a slew of other major carriers, including Aer Lingus, Vueling, and British Airways.
In 2018, British Airways suffered a massive data breach that resulted in the personal data of 429,612 customers and staff being stolen by hackers, including names, addresses, payment card numbers, and CVV numbers.
Also included in the data hack were the usernames and passwords of British Airways employees and login details for some members of BA’s Executive Club frequent flyer club.
Britain’s Information Commissioner’s Office (ICO) originally planned to fine British Airways £180 million for the breach but the penalty was reduced to just £20 million due to the impact the COVID-19 pandemic had on the airline business.
The full email that Iberia has sent to customers (translated)
Dear Customer,
The purpose of this communication is to inform you that, unfortunately, Iberia Airlines of Spain has detected a security incident related to unauthorized access to the systems of an Iberia supplier, which has compromised the confidentiality of certain data.
Despite the security measures implemented by Iberia, we have evidence of unauthorized access to certain personal data of our customers, which could include some of yours. The current investigation indicates that data such as your first and last name; email address; or loyalty card identification number (Iberia Club) may have been compromised.
Furthermore, we would like to inform you that under no circumstances have your Iberia account login details or passwords been compromised, nor has anyone been able to access the complete information on your bank cards, and therefore they are not usable.
As soon as we became aware of the incident, we activated our security protocol and procedures and adopted all the necessary technical and organizational measures to contain it, mitigate its effects, and prevent it from happening again in the future, such as (i) protecting the change of your email address in your Iberia account (to modify the email address associated with your Iberia account, a verification code will be sent to you to verify that the changes are requested by you). We are also monitoring our systems to detect suspicious activity. Furthermore, in compliance with applicable regulations, we have notified the competent authority of the incident. The investigation into what happened remains open both internally and with our suppliers.
As of the date of this communication, we have no evidence of any fraudulent use of this data. In any case, we recommend that you pay attention to any suspicious communications you may receive to avoid any potential problems they may cause. We recommend that you report any anomalies or suspicions you detect to our call center by calling
Mateusz Maszczynski honed his skills as an international flight attendant at the most prominent airline in the Middle East and has been flying ever since... most recently for a well-known European airline. Matt is passionate about the aviation industry and has become an expert in passenger experience and human-centric stories. Always keeping an ear close to the ground, Matt's industry insights, analysis and news coverage are frequently relied upon by some of the biggest names in journalism.