Iberia Airlines discloses customer data breach

Iberia, Spain's largest airline and part of the International Airlines Group (IAG), has begun notifying customers of a data breach resulting from a third-party vendor.

The threat actor claims to have accessed 77GB of data including customer's first and last name, email address, and loyalty card identification number. Iberia says that login credentials and financial information were not accessed.

Iberia says the third-party vendor leaked was a "supplier." It's unclear what the nature of this supplier was or why they needed access to customer data.

Third-party vendors as a source of data breaches are becoming increasingly common. The more companies that have access to your data, the more chances there are for it to get leaked. Unfortunately this incident also shows how sometimes data can be shared with companies you didn't intend for it to end up with, often without your knowledge.

While this breach didn't contain any information that would typically be considered sensitive - such as dates of birth or financial information - knowing where a user has an account can help a cybercriminal convince a more crafting phishing email.

Bleeping Computer notes that this disclosure comes close on the heels of a listing on a cyber crime forum claiming to be selling 77 GB of Iberia data, including data from the Airline's internal servers, aircraft technical data, maintenance files, engine information, and other internal documents.