Spanish flag carrier Iberia has notified customers of a data breach stemming from a compromise at a third-party supplier. The breach exposed customer names, email addresses, and frequent flyer numbers. This incident follows similar breaches at other airlines linked to a Salesforce-hosted database.
Business Impact
While sensitive financial data was reportedly not stolen, the exposure of customer contact details and frequent flyer numbers opens the door for highly targeted phishing campaigns. Attackers can use this data to craft convincing lures to steal airline miles or further compromise user accounts.
Why It Happened
The breach originated from a vulnerability in a third-party vendor’s system, likely a customer support platform. This pattern of “island hopping” from vendors to major targets continues to be a primary attack vector for large enterprises.
Recommended Executive Action
Warn customers and employees to be vigilant against phishing emails purporting to be from the airline. Re-assess the security controls of all vendors with access to customer loyalty and CRM databases.
Hashtags: #DataBreach #Iberia #Airlines #SupplyChain #Phishing #Privacy #GDPR #CyberSecurity