Iberia Hit by Cyberattack: $6 Million Ransom for Stolen Passenger Data

MADRID- The recent cyberattack by the Everest ransomware group has compromised Iberia Airlines (IB), Spain’s national airline based at Adolfo Suárez Madrid–Barajas Airport (MAD).

The hackers are demanding a ransom of $6 million to prevent the release of 596 GB of stolen passenger information. This data includes names, email addresses, birth dates, and masked credit card details, along with booking histories.

Iberia alerted its Iberia Club members about the breach via email last Sunday, signaling that personal information may have been exposed.

This Russian-connected Everest group had previously disrupted check-in systems at major European airports in September.

Iberia Confronts $6 Million Ransom Demand

The Everest group reportedly accessed Iberia’s data through a third-party vendor, acquiring 596 GB of sensitive information. This includes around 430 GB of emails with over 5 million editable records.

A member of the Everest group suggested that a complete data leak could lead to severe repercussions for both customers and the airline, resulting in a significant increase in spam and fraud.

They are threatening to release or sell the data unless Iberia complies with their $6 million demand. While full credit card numbers were not exposed, the masked card data, along with personal information, enables potential phishing attacks.

Data Confirmed Stolen from Iberia

Iberia (IB) has confirmed that the breach impacts frequent flyer accounts and includes:

• First and last names
• Email addresses
• Loyalty card numbers
• Contact details
• Dates of birth
• Travel and booking information

The airline has reassured that complete bank card details are safe, despite Everest’s claims of possessing partially masked card information.

Customer Notification and Official Statement

In their communication, Iberia (IB) informed members, “Currently, we have no evidence that any fraudulent activities related to this data have occurred.”

They also advised customers to be vigilant against any suspicious communications and suggested reporting anomalies to their call center.

This isn’t the first time Everest has targeted the aviation industry. The group previously attacked the MUSE check-in system developed by Collins Aerospace, affecting flights across multiple European airports.

It’s unclear if Collins Aerospace paid the ransom during that incident.

The Growing Cyber Threat to Aviation

The breach affecting Iberia (IB) illustrates a continued pattern of the Everest group targeting the aviation sector for significant operational and financial gain.

Experts caution that personalized phishing emails, masquerading as communications from Iberia Club, could soon inundate inboxes, aimed at obtaining complete payment details or distributing malware.

How do you think airlines can enhance their data security to protect customers in light of these increasing threats? Feel free to share your thoughts!