The Spanish flag carrier airline, Iberia, has officially disclosed a security incident that impacts members of its Iberia Plus loyalty program. The breach did not originate within Iberia’s own systems but was the result of a security issue at one of its third-party suppliers.

Iberia has been notifying affected customers via data breach notification letters. In these communications, the airline confirms that the incident stemmed from a vulnerability at a third party it utilizes. The airline also clarified that its internal systems were not compromised as part of this event.

Details of Exposed Member Data

According to the notification letters sent to affected individuals, the compromised information includes several types of personal data associated with the Iberia Plus accounts. The exposed data consists of members’ full names, ID card numbers, contact information, and their Iberia Plus card numbers.

The airline has explicitly stated that the breach did not expose any financial information or other forms of sensitive data. Customers’ payment details remain secure. As a precautionary measure, Iberia has advised affected members to reset the passwords for their loyalty program accounts and to remain vigilant for potential phishing attempts that may leverage the exposed personal information.

Airline’s Response and Recommendations

In response to the incident, Iberia has taken the step of directly informing the impacted members of its loyalty program. The company’s primary recommendation for these individuals is to change their account passwords immediately to safeguard their accounts. Furthermore, users are advised to be cautious of unsolicited communications, such as emails or text messages, that ask for personal information or direct them to suspicious websites.

Source: https://securityaffairs.com/184985/data-breach/iberia-discloses-security-incident-tied-to-supplier-breach.html