Hackers who managed to penetrate a database containing personal passenger details for the Spanish flag carrier Iberia are now reportedly demanding $6 million from the airline as a ransom to stop the data being leaked or sold.
The data breach was allegedly perpetrated by a Russian-linked group of hackers known as Everest, who were also responsible for a ransomware attack in September that brought chaos to several major European airports when check-in software was taken offline.
Everest is a group of cybercriminals who are motivated by financial reward and generally seek ransoms from big corporate victims to return data or restore access to critical IT systems that they have managed to infiltrate.
News of a data breach at Madrid-based Iberia first emerged last Sunday when the airline started to email members of its frequent flyer club, Iberia Club, to tell them that their personal details may have been stolen.
Iberia says some of the data stolen by the hackers includes:
- First and last names of frequent flyer members
- Email addresses
- Loyalty card information
The airline also says that full details of bank cards have not been compromised, although the hackers claim to have obtained masked credit card data, along with customer contact details, birthdates, travel, and booking information.
In total, the hackers claim to have stolen 596 GB of data from Iberia.
In a message posted to the dark web, an individual claiming links to Everest said: “A full data leak would have catastrophic consequences for both customers and the company, triggering a massive wave of spam and fraud.”
Criminals might not be able to use the stolen data to immediately defraud passengers, but they could use the information to carry out so-called phishing attacks on Iberia Club members.
Using the stolen data, fraudsters could send highly personalized emails to victims that look and feel like they have genuinely been sent by Iberia. These fake emails would, however, induce victims to click on links that would allow the criminals to install ransomware or steal full credit card information from victims.
In an updated communication to customers, Iberia said: “As of the date of this communication, we have no evidence that any fraudulent use of this data has occurred.”
“In any case, we recommend that you pay attention to any suspicious communications you may receive, in order to avoid any inconvenience that such communications may cause you.”
The email added: “We recommend that you report any anomalies or suspicions you detect to our call center.”
When Everest brought chaos to European airports in September, it managed to infiltrate a computer system called MUSE, which runs check-in systems at several major airfields, including London Heathrow, Brussels, and Berlin Brandenburg.
The hackers took the system offline and demanded a ransom from Collins Aerospace, the US corporate giant behind the MUSE software. It’s not known whether Collins gave in to the hackers’ demands, but it took several days for the computer system to be restored.
Mateusz Maszczynski honed his skills as an international flight attendant at the most prominent airline in the Middle East and has been flying ever since... most recently for a well known European airline. Matt is passionate about the aviation industry and has become an expert in passenger experience and human-centric stories. Always keeping an ear close to the ground, Matt's industry insights, analysis and news coverage is frequently relied upon by some of the biggest names in journalism.