In the midst of air tension due to instability in the Caribbean, which forced several airlines to cancel flights to Venezuela, Iberia had to deal with another front: a security breach that compromised the personal data of some of its customers. In an email alert, the company explains that the source of the problem lies in unauthorized access to the systems of one of its technology suppliers.
According to the airline, despite existing protective measures, evidence was found that third parties managed to access information such as names, surnames and email addresses. Iberia stresses that the breach did not affect users’ login credentials or passwords, nor their full bank card data, which “are not usable”.
Upon detecting the incident, the company says it immediately activated its security protocol and took measures to contain the breach and prevent it from happening again. These include strengthening the process of changing the email associated with accounts – which now requires an additional verification code – and intensive monitoring of systems to identify any anomalous activity.
In accordance with data protection legislation, Iberia has notified the incident to the relevant authority. “The investigation into what happened remains open both internally and with our suppliers”, reads the message sent to customers and to which they had access. CinqueGiorni.
At the moment the airline says it is not aware of any fraudulent use of the leaked information. However, it recommends users to exercise maximum caution in the event of possible suspicious communications and to report any anomaly via its call center: +34 900 111 500.
In a context of increasing digitalization and expansion of e-commerce, cyber attacks have become a recurring threat for large companies. The Iberia case adds to other recent ones, such as that of Mango, which last October reported unauthorized access to its customers’ personal data through an external marketing services provider.
Despite precautions and the fact that companies have strengthened their protocols to ensure protection, cybersecurity incidents continue to grow. According to the latest data from the National Institute for Cybersecurity (Incibe), 97,348 incidents were recorded in the last year, 16.6% more than the previous year. The most frequent attacks include those involving malicious programs designed to damage, disrupt, or gain unauthorized access to computer systems (malware), accounting for 42,136 cases. In second place are incidents related to the blocking of systems or files using extortion techniques (ransomware), with 357 cases recorded.
