{"id":123079,"date":"2025-12-01T14:34:00","date_gmt":"2025-12-01T09:04:00","guid":{"rendered":"https:\/\/aviationa2z.com\/?p=123079"},"modified":"2025-12-01T01:13:49","modified_gmt":"2025-11-30T19:43:49","slug":"iberia-faces-6-million-ransom-after-cyberattack","status":"publish","type":"post","link":"https:\/\/aviationa2z.com\/index.php\/2025\/12\/01\/iberia-faces-6-million-ransom-after-cyberattack\/","title":{"rendered":"Iberia Faces $6 Million Ransom After Passenger Data Stolen in Cyberattack"},"content":{"rendered":"\n<p><strong>MADRID-<\/strong> The Everest ransomware group has breached <a href=\"https:\/\/aviationa2z.com\/index.php\/tag\/iberia\/\">Iberia Airlines (IB)<\/a>, Spain\u2019s flag carrier headquartered at Adolfo Su\u00e1rez Madrid\u2013Barajas Airport (MAD).<\/p>\n\n\n\n<p>Hackers demand $6 million ransom to stop leaking 596 GB of stolen Iberia passenger data that includes names, emails, birthdates, masked credit card details, and booking records.<\/p>\n\n\n\n<p>News of the breach surfaced last Sunday when Iberia began emailing Iberia Club members that personal details may have been stolen.<\/p>\n\n\n\n<p>The same Russian-linked Everest group previously disrupted check-in systems at major European airports in September.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img fetchpriority=\"high\" decoding=\"async\" width=\"1023\" height=\"575\" src=\"https:\/\/aviationa2z.com\/wp-content\/uploads\/2025\/04\/s3rztmte.webp\" alt=\"Iberia Faces $6 Million Ransom After Passenger Data Stolen in Cyberattack\" class=\"wp-image-91213\" srcset=\"https:\/\/aviationa2z.com\/wp-content\/uploads\/2025\/04\/s3rztmte.webp 1023w, https:\/\/aviationa2z.com\/wp-content\/uploads\/2025\/04\/s3rztmte-300x169.webp 300w, https:\/\/aviationa2z.com\/wp-content\/uploads\/2025\/04\/s3rztmte-768x432.webp 768w, https:\/\/aviationa2z.com\/wp-content\/uploads\/2025\/04\/s3rztmte-50x28.webp 50w, https:\/\/aviationa2z.com\/wp-content\/uploads\/2025\/04\/s3rztmte-150x84.webp 150w, https:\/\/aviationa2z.com\/wp-content\/uploads\/2025\/04\/s3rztmte-450x253.webp 450w\" sizes=\"(max-width: 1023px) 100vw, 1023px\" \/><figcaption class=\"wp-element-caption\">Photo: Cl\u00e9ment Alloing<\/figcaption><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-iberia-faces-6-million-ransom-demand\">Iberia Faces $6 Million Ransom Demand<\/h2>\n\n\n\n<p>According to <a href=\"https:\/\/www.paddleyourownkanoo.com\/2025\/11\/29\/hackers-are-now-demanding-6-million-from-spains-iberia-airline-to-stop-leaking-passenger-data-from-massive-cyber-breach\/\" rel=\"nofollow\">PYOK<\/a>, the Everest group gained access through a third-party vendor and extracted 596 GB of data, including 430 GB of which are email files containing over 5 million editable records.<\/p>\n\n\n\n<p>On the dark web, a member linked to Everest posted: \u201cA full data leak would have catastrophic consequences for both customers and the company, triggering a massive wave of spam and fraud.\u201d<\/p>\n\n\n\n<p>The criminals threaten to publish or sell the database unless Iberia pays $6 million. While full credit card numbers were not compromised, the stolen masked card data, combined with birthdates and travel histories, enables highly convincing phishing campaigns.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"h-data-confirmed-stolen-from-iberia\">Data Confirmed Stolen from Iberia<\/h4>\n\n\n\n<p>Iberia (IB) confirmed the breach affects frequent flyer accounts and includes:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>First and last names<\/li>\n\n\n\n<li>Email addresses<\/li>\n\n\n\n<li>Loyalty card numbers<\/li>\n\n\n\n<li>Contact details<\/li>\n\n\n\n<li>Dates of birth<\/li>\n\n\n\n<li>Travel and booking information<\/li>\n<\/ul>\n\n\n\n<p>The airline stressed that complete bank card details remain secure, though Everest claims possession of partially masked card data.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" width=\"1024\" height=\"576\" src=\"https:\/\/aviationa2z.com\/wp-content\/uploads\/2025\/11\/ckz44204-1024x576.webp\" alt=\"Iberia Airbus A321XLR\" class=\"wp-image-122427\" srcset=\"https:\/\/aviationa2z.com\/wp-content\/uploads\/2025\/11\/ckz44204-1024x576.webp 1024w, https:\/\/aviationa2z.com\/wp-content\/uploads\/2025\/11\/ckz44204-300x169.webp 300w, https:\/\/aviationa2z.com\/wp-content\/uploads\/2025\/11\/ckz44204-768x432.webp 768w, https:\/\/aviationa2z.com\/wp-content\/uploads\/2025\/11\/ckz44204-50x28.webp 50w, https:\/\/aviationa2z.com\/wp-content\/uploads\/2025\/11\/ckz44204-1600x900.webp 1600w, https:\/\/aviationa2z.com\/wp-content\/uploads\/2025\/11\/ckz44204-1536x864.webp 1536w, https:\/\/aviationa2z.com\/wp-content\/uploads\/2025\/11\/ckz44204-150x84.webp 150w, https:\/\/aviationa2z.com\/wp-content\/uploads\/2025\/11\/ckz44204-450x253.webp 450w, https:\/\/aviationa2z.com\/wp-content\/uploads\/2025\/11\/ckz44204-1200x675.webp 1200w, https:\/\/aviationa2z.com\/wp-content\/uploads\/2025\/11\/ckz44204.webp 1920w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\">Photo: SITA<\/figcaption><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-customer-notification-and-official-statement\">Customer Notification and Official Statement<\/h2>\n\n\n\n<p>In emails sent last Sunday, Iberia (IB) told members: \u201cAs of the date of this communication, we have no evidence that any fraudulent use of this data has occurred.\u201d<\/p>\n\n\n\n<p>The airline added: \u201cIn any case, we recommend that you pay attention to any suspicious communications you may receive, in order to avoid any inconvenience that such communications may cause you.<\/p>\n\n\n\n<p>We recommend that you report any anomalies or suspicions you detect to our call center.\u201d<\/p>\n\n\n\n<p>Everest previously attacked the MUSE check-in platform developed by <a href=\"https:\/\/aviationa2z.com\/index.php\/tag\/collins-aerospace\/\">Collins Aerospace<\/a>. The September 2025 incident took systems offline at London Heathrow (LHR), Brussels (BRU), and Berlin Brandenburg (BER), causing days of flight delays across Europe.<\/p>\n\n\n\n<p>It remains unknown whether Collins Aerospace paid the ransom demanded at that time.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" width=\"1024\" height=\"576\" src=\"https:\/\/aviationa2z.com\/wp-content\/uploads\/2024\/10\/Iberia-Airbus-A321XLR-1024x576.webp\" alt=\"Everest hackers demand $6 million from Iberia Airlines after stealing 596GB of passenger data from Madrid base in a major 2025 breach.\" class=\"wp-image-72961\" srcset=\"https:\/\/aviationa2z.com\/wp-content\/uploads\/2024\/10\/Iberia-Airbus-A321XLR-1024x576.webp 1024w, https:\/\/aviationa2z.com\/wp-content\/uploads\/2024\/10\/Iberia-Airbus-A321XLR-300x169.webp 300w, https:\/\/aviationa2z.com\/wp-content\/uploads\/2024\/10\/Iberia-Airbus-A321XLR-768x432.webp 768w, https:\/\/aviationa2z.com\/wp-content\/uploads\/2024\/10\/Iberia-Airbus-A321XLR-50x28.webp 50w, https:\/\/aviationa2z.com\/wp-content\/uploads\/2024\/10\/Iberia-Airbus-A321XLR-150x84.webp 150w, https:\/\/aviationa2z.com\/wp-content\/uploads\/2024\/10\/Iberia-Airbus-A321XLR-450x253.webp 450w, https:\/\/aviationa2z.com\/wp-content\/uploads\/2024\/10\/Iberia-Airbus-A321XLR-1200x675.webp 1200w, https:\/\/aviationa2z.com\/wp-content\/uploads\/2024\/10\/Iberia-Airbus-A321XLR.webp 1280w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\">Photo: Tobias Gudat<\/figcaption><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-growing-threat-to-aviation\">Growing Threat to Aviation<\/h2>\n\n\n\n<p>The Iberia (IB) incident shows Everest continues to target the aviation sector for maximum financial and operational impact.<\/p>\n\n\n\n<p>Experts warn that personalized phishing emails pretending to come from Iberia Club could soon flood inboxes, attempting to steal full payment details or install malware.<\/p>\n\n\n\n<p>Stay tuned with us. Further, follow us on social media for the latest updates.<\/p>\n\n\n\n<p>Join us on\u00a0<a href=\"https:\/\/t.me\/s\/aviationa2z\" rel=\"nofollow\">Telegram Group\u00a0<\/a>for the Latest Aviation Updates. Subsequently, follow us on\u00a0<a href=\"https:\/\/news.google.com\/publications\/CAAqBwgKMPLdrgsw_-jGAw?hl=en-IN&amp;gl=IN&amp;ceid=IN%3Aen\">Google News<\/a><\/p>\n\n\n\n<figure class=\"wp-block-embed is-type-wp-embed is-provider-aviation-a-2-z wp-block-embed-aviation-a-2-z\"><div class=\"wp-block-embed__wrapper\">\n<blockquote class=\"wp-embedded-content\" data-secret=\"uKxkMhxkkP\"><a href=\"https:\/\/aviationa2z.com\/index.php\/2025\/10\/08\/air-france-lawsuit-in-new-york-amid-cyberattack\/\">Air France Faces Lawsuit in New York Amid Cyberattack, Why?<\/a><\/blockquote><iframe class=\"wp-embedded-content\" sandbox=\"allow-scripts\" security=\"restricted\" style=\"position: absolute; visibility: hidden;\" title=\"&#8220;Air France Faces Lawsuit in New York Amid Cyberattack, Why?&#8221; &#8212; Aviation A2Z\" src=\"https:\/\/aviationa2z.com\/index.php\/2025\/10\/08\/air-france-lawsuit-in-new-york-amid-cyberattack\/embed\/#?secret=UZtBKpS1Zg#?secret=uKxkMhxkkP\" data-secret=\"uKxkMhxkkP\" width=\"600\" height=\"338\" frameborder=\"0\" marginwidth=\"0\" marginheight=\"0\" scrolling=\"no\"><\/iframe>\n<\/div><\/figure>\n","protected":false},"excerpt":{"rendered":"<p>The Everest ransomware group has breached Iberia Airlines (IB), Spain\u2019s flag carrier headquartered at Adolfo Su\u00e1rez Madrid\u2013Barajas Airport (MAD).<\/p>\n","protected":false},"author":148,"featured_media":67948,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[7215,6761],"tags":[1886,1887,11153,21972,22933,24438],"class_list":{"0":"post-123079","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-airline-news","8":"category-news","9":"tag-cyberattack","10":"tag-data-breach","11":"tag-iberia","12":"tag-iberia-a321xlr","13":"tag-iberia-a350","14":"tag-iberia-news"},"_links":{"self":[{"href":"https:\/\/aviationa2z.com\/index.php\/wp-json\/wp\/v2\/posts\/123079","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/aviationa2z.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/aviationa2z.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/aviationa2z.com\/index.php\/wp-json\/wp\/v2\/users\/148"}],"replies":[{"embeddable":true,"href":"https:\/\/aviationa2z.com\/index.php\/wp-json\/wp\/v2\/comments?post=123079"}],"version-history":[{"count":4,"href":"https:\/\/aviationa2z.com\/index.php\/wp-json\/wp\/v2\/posts\/123079\/revisions"}],"predecessor-version":[{"id":123121,"href":"https:\/\/aviationa2z.com\/index.php\/wp-json\/wp\/v2\/posts\/123079\/revisions\/123121"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/aviationa2z.com\/index.php\/wp-json\/wp\/v2\/media\/67948"}],"wp:attachment":[{"href":"https:\/\/aviationa2z.com\/index.php\/wp-json\/wp\/v2\/media?parent=123079"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/aviationa2z.com\/index.php\/wp-json\/wp\/v2\/categories?post=123079"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/aviationa2z.com\/index.php\/wp-json\/wp\/v2\/tags?post=123079"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}