A Russian-linked group of cyber criminals that brought chaos to European airports in September claims that a recent data breach at the Spanish flag carrier Iberia is far larger than the airline has admitted, and that millions of passengers have had highly sensitive personal information stolen
Along with the names and frequent flyer details of passengers that had been previously reported as compromised in the data breach, the Everest hacking group also claims to have stolen 596 GB of data containing customer contact details, birthdates, travel and booking information, along with masked credit card data.
On Sunday, Iberia first started to alert members of its Iberia Club frequent flyer program that their data could have been compromised in the cyber attack, which was linked to a breach of a third-party customer management software.
The Madrid-based carrier said the theft of data was limited to customer names, along with email addresses and frequent flyer numbers. The airline reassured passengers that it had already taken steps to secure its IT systems.
The Everest cybercrime group is financially motivated and attempts to extort large companies to pay ransoms in return for not publicly leaking data that it has stolen.
The group claimed responsibility for a September cyberattack on Collins Aerospace, which provides check-in software for a slew of major airports around the world.
The attack on the MUSE check-in system impacted operations at Brussels Airport, London Heathrow, Berlin Brandenburg, and several other European airports. Worst affected was Brussels, which was forced to cancel half of all flights for two days following the attack.
In a message posted on the dark web, someone claiming to represent Everest claimed it had been in contact with Iberia in an attempt to start negotiations over a ransom to return the data.
Iberia did not respond to a request for comment.
Along with the theft of personal data, another post on the dark web claims that a cybercrime group has managed to compromise Iberia’s internal computer systems, with the theft of technical data for aircraft and engines, along with other internal documents.
In recent months, the aviation industry has been put on high alert to the threat of cybercrime groups attempting to breach their computer systems. Despite the warnings, a growing number of airlines have recently admitted to fallen victim to these criminals.
In Europe, the Air France-KLM Group has admitted to being part of the massive Salesforce data breach, which is used by a number of well-known companies as a customer relationship management tool.
The Australian airline Qantas also fell victim to the same Salesforce breach. In North America, Hawaiian Airlines and WestJet have also suffered recent hack attacks, although details remain limited.
If the data is leaked, criminals could use passenger details to launch a phishing scam in which they send emails to their victims pretending to be from the real airline.
Phishing scams normally try to get victims to click on a link within the email that will usually do one of two things:
- Clicking the link will install malware on the victim’s computer, which can then be used by hackers to view sensitive information like bank login data, etc.
- Or it will redirect passengers to a fake website designed to look like the airline’s own site, whereby passengers hand over personal details, which can then be used by the fraudsters.
