CyberHappenings logo
Home Browse About

Track cybersecurity events as they unfold. Sourced timelines. Filter, sort, and browse. Fast, privacy‑respecting. No invasive ads, no tracking.

Iberia Customer Data Exposed in Third-Party Vendor Breach

First reported
Last updated
2 unique sources, 2 articles

Summary

Hide ▲

Iberia, Spain's largest airline, disclosed a data breach affecting customer information after a third-party vendor's systems were compromised. The exposed data includes names, email addresses, and Iberia Club loyalty card numbers, but not login credentials or financial details. The airline has implemented additional security measures, including new checks to prevent unauthorized changes to accounts, and is monitoring for suspicious activity. The breach follows claims by a threat actor of selling 77 GB of allegedly stolen Iberia data, including technical material on aircraft and internal documents, though the connection remains unclear.

Timeline

  1. 23.11.2025 15:46 2 articles · 1d ago

    Iberia Discloses Customer Data Breach After Third-Party Vendor Compromise

    Iberia notified customers of a data breach caused by unauthorized access to a supplier's systems. The exposed data includes names, email addresses, and Iberia Club loyalty card numbers. The airline has implemented additional security measures, including new checks to prevent unauthorized changes to accounts, and is monitoring for suspicious activity. A threat actor claimed to have 77 GB of Iberia data for sale, including technical material on aircraft and internal documents, but the connection to the disclosed breach is unclear.

    Show sources
    Open in new tab

Information Snippets

Similar Happenings

Mango Marketing Vendor Data Breach

Spanish fashion retailer MANGO notified customers of a data breach affecting personal information used in marketing campaigns. The breach occurred at an external marketing vendor, exposing first names, countries, postal codes, email addresses, and telephone numbers. The company's corporate infrastructure and IT systems were not compromised. The breach was disclosed on October 14, 2025. MANGO has activated security protocols and notified relevant authorities. No ransomware groups have claimed responsibility.

Open in new tab

Renault and Dacia UK Customers Affected by Third-Party Data Breach

Renault and Dacia UK customers have been notified of a data breach affecting personal information shared with a third-party provider. The breach exposed full names, gender, phone numbers, email addresses, postal addresses, vehicle identification numbers, and vehicle registration numbers. The third-party provider has isolated the incident and removed the threat from its networks. The affected customers are advised to be vigilant against potential phishing and social engineering attacks. The number of impacted customers and the identity of the third-party provider have not been disclosed. The breach follows a significant cyberattack at Jaguar Land Rover in the UK, which disrupted operations for nearly a month, and is part of a string of breaches in the transport sector, impacting JLR, Collins Aerospace, and LNER.

Open in new tab

WestJet data breach impacts 1.2 million customers

WestJet, a major Canadian airline, has confirmed that a cyberattack on June 13, 2025, compromised the personal information of 1.2 million customers. The breach involved the theft of travel documents, including passports and ID documents. The attackers gained access to the network through a Citrix system after resetting an employee's password via social engineering. The breach was attributed to threat actors associated with Scattered Spider, although no official attribution has been made. The compromised data includes full names, dates of birth, mailing addresses, travel documents, requested accommodations, filed complaints, WestJet Rewards Member IDs, and details of WestJet RBC Mastercard information. No credit card or debit card numbers, expiry dates, CVV numbers, or user passwords were compromised. The airline is working with the FBI and has offered a free 2-year identity theft protection and monitoring service to affected customers. The breach was first identified on June 13, 2025, and the data breach notification was sent to the Office of the Maine Attorney General on September 29, 2025.

Open in new tab

TransUnion Data Breach Affects Over 4 Million Customers

TransUnion, a major credit reporting agency, confirmed a data breach that compromised the personal information of over 4 million customers. The breach occurred on July 28, 2025, and was discovered two days later. An unauthorized actor accessed personal data through a third-party application used by TransUnion's US customer support operations. The compromised information was limited to specific data elements and did not include credit reports or core credit information. TransUnion is offering impacted customers two years of free credit monitoring services. The identity of the threat actor remains unknown, and there is no confirmed correlation with other recent security incidents.

Open in new tab

Farmers Insurance Data Breach Affects Over 1 Million Customers

Farmers Insurance, along with its affiliated companies and subsidiaries, experienced a data breach through a third-party vendor. The breach occurred on May 29 and was discovered the following day. Over 1 million customers were affected. The compromised data included personal information, although the specific details have not been disclosed. The incident was detected by the vendor's monitoring tools, which allowed for quick containment measures. The company has notified law enforcement and is offering affected individuals two years of complimentary identity monitoring services. The breach was detected on May 30, and the investigation concluded on July 24. The unauthorized access involved a third-party vendor's database containing customer information.

Open in new tab