Iberia. In October 2025, Iberia confirmed that it had detected unauthorised access to a communication repository managed by an external provider. Although the compromised system contained internal information and certain customer data, it was not part of the operational infrastructure involved in flight management, routes, or aeronautical procedures. Therefore, flight safety was never at risk.

According to the initial assessment, the intrusion allowed access to personal data linked to customer profiles, including names, email addresses, phone numbers, and loyalty program identifiers. Reservation codes for upcoming trips were also extracted, although Iberia states there is no evidence of unauthorised changes, modifications, or fraudulent attempts. The airline also reaffirmed that no passwords or complete payment information were accessed.

TDB keeps you informed. Follow us on: Facebook, Twitter and Instagram

Once the breach was verified, Iberia began directly notifying affected customers. As an immediate measure, two-factor authentication was activated for all accounts that may have been exposed, preventing third parties from modifying bookings or viewing sensitive details through the website, mobile app, or phone support. At the same time, Iberia activated a dedicated assistance line and urged users to stay alert for suspicious messages or calls requesting urgent actions.

The incident comes at a time of increasing cyberattacks on Spanish companies throughout 2025, especially large corporations that manage vast databases and complex systems. Iberia explained that it has reinforced its internal monitoring mechanisms and is carrying out a thorough technical investigation to determine the origin of the breach and close any potential access points.

Finally, Iberia issued a public apology for any inconvenience and stated that it is taking all necessary steps to ensure such an incident does not occur again. Iberia emphasised that operational safety remains its top priority and confirmed that customers will continue to be informed as the investigation progresses.

Iberia is also considering implementing additional protection layers across its external systems, reviewing agreements with service providers, and strengthening its incident-response protocols. Iberia notes that this event will accelerate technological improvements and increase security oversight in all environments where sensitive customer information is managed.

Beyond the immediate technical actions, Iberia has begun a broader internal review aimed at understanding how an external system managed by a third party became vulnerable to unauthorised access. Cybersecurity specialists within the company are now collaborating with independent experts to map out the full sequence of events, determine how long the intruder remained inside the compromised repository, and assess whether any additional systems displayed signs of attempted access. Although there is no indication that the attackers reached Iberia’s core operational infrastructure, the company acknowledges that the interconnected nature of modern digital systems requires an exhaustive analysis before formally closing the investigation.

Furthermore, Iberia is reassessing the overall security posture of its vendor ecosystem. The airline works with numerous third-party service providers, each responsible for specific components of its technological environment. As a result, Iberia plans to tighten contractual cybersecurity requirements, introduce more frequent audits, and enforce stricter protocols for the handling, storage, and encryption of customer information. The company has indicated that future agreements with external partners will require advanced certification standards and mandatory real-time monitoring tools to prevent similar incidents from developing unnoticed.

At the customer level, Iberia is preparing updated guidelines to help users better understand the types of fraudulent activities that typically arise after a breach of this nature. These include phishing attempts, social engineering messages that mimic official communications, and fake notifications requesting payment details or verification codes. The airline intends to launch an awareness campaign across its digital platforms, offering travellers practical recommendations on how to identify suspicious content and encouraging them to verify any unexpected messages directly through Iberia’s official channels. The objective is to reduce the risk of opportunistic attacks that often target affected individuals shortly after a cybersecurity incident becomes public.

Internally, the event has accelerated conversations about a long-term modernisation plan for Iberia’s digital environment. This includes the incorporation of artificial-intelligence-driven threat-detection systems, expanded logging of user activity, and the introduction of more resilient backup architectures. The airline also plans to expand its cybersecurity department, increasing the number of specialists dedicated to continuous monitoring, prevention, and incident response. Iberia believes that these reinforcements will significantly improve its ability to detect irregular activity before it escalates into a major breach.

Finally, the company reiterates that rebuilding and maintaining customer trust are top priorities. Iberia aims to provide full transparency throughout the investigation and has committed to issuing updated statements as soon as new information becomes available. The airline acknowledges that the expectations placed on large transportation companies regarding digital security are higher than ever and states that this incident, while disruptive, will catalyse deeper structural improvements across all technology layers of the organisation.