
We are part of the Iberia Group, the leading low-cost airline at Madrid airport and on routes to the Canary and Balearic Islands. Our hybrid “low cost, high quality” business model combines great efficiency with a customer experience that includes connecting flights and Business Class service. In 2024, we were the world’s most punctual low-cost airline and the most punctual airline in Europe, according to consultancy firm Cirium. We operate a highly efficient fleet of 25 aircraft, which will help us meet our commitment to net zero emissions by 2050. The Iberia Express team is made up of more than 900 employees who share and promote the values of teamwork, warmth, and kindness, which are the core of our company’s DNA, as well as diversity in all areas.

Iberia Express A.I CyberSecurity Scoring

Iberia Express

Company Details

LinkedIn ID: iberia-express
Employees number: 634
Number of followers: 92,462
NAICS: 481
Industry Type: Airlines and Aviation
Homepage: iberiaexpress.com
IP Addresses: 0
Company ID: IBE_1694211
Scan Status: In-progress

Iberia Express Risk Score (AI oriented)

Between 600 and 649

  • Powered by our proprietary A.I cyber incident model
  • Insurers prefer the TPRM score to calculate premiums

Iberia Express Global Score (TPRM)

XXXX

  • Instant access to detailed risk factors
  • Benchmark vs. industry & size peers
  • Vulnerabilities
  • Findings

Iberia Express Company CyberSecurity News & History

Past Incidents: 2
Attack Types: 1

Iberia
Breach
Severity: 85
Impact: 4
Seen: 11/2025
Blog:
Supply Chain Source: NA
Rankiteo Explanation
Attack with significant impact with customers data leaks

Description: Spanish airline Iberia suffered a significant data breach on November 23, 2025, originating from a third-party supplier. Hackers compromised the vendor’s systems, gaining access to sensitive customer data, including names, email addresses, loyalty program details (Iberia Plus tier statuses, point balances, travel histories), and 77GB of proprietary technical documents (e.g., aircraft maintenance files, engine specifications, internal certificates). While payment information and passwords were not exposed, the breach heightened risks of phishing, identity theft, and potential operational risks if technical data was exploited. The threat actor advertised the stolen data on dark web forums for $150,000, accelerating public disclosure. Iberia isolated affected systems, engaged cybersecurity experts, and offered free credit monitoring to impacted customers. The incident underscored supply-chain vulnerabilities in aviation, prompting regulatory scrutiny under GDPR and industry-wide reviews of third-party security protocols.

Iberia
Breach
Severity: 85
Impact: 4
Seen: 5/2025
Blog:
Supply Chain Source: NA
Rankiteo Explanation
Attack with significant impact with customers data leaks

Description: Iberia, Spain’s national flag carrier airline, suffered a third-party data breach after a threat actor claimed to have exfiltrated 77 GB of its sensitive data. The incident, reported by *Security Affairs*, suggests the compromise involved external vendor systems, potentially exposing corporate, operational, or customer-related information. While the exact nature of the stolen data (e.g., employee records, flight operations, passenger details) remains undisclosed, the scale (77 GB) indicates a significant data leak with possible reputational, financial, and regulatory repercussions. The breach underscores vulnerabilities in supply chain cybersecurity, where third-party vendors serve as attack vectors for targeting high-profile organizations. Iberia has not confirmed whether the stolen data includes customer personal information or internal employee records, but the volume suggests a high-risk exposure. The incident may trigger investigations under GDPR (given Iberia’s EU operations) and could erode customer trust, particularly if financial or identity-related data was compromised.


Underwriter Stats for Iberia Express

Incidents vs Airlines and Aviation Industry Average (This Year)

No incidents recorded for Iberia Express in 2026.

Incidents vs All-Companies Average (This Year)

No incidents recorded for Iberia Express in 2026.

Incident Types Iberia Express vs Airlines and Aviation Industry Avg (This Year)

No incidents recorded for Iberia Express in 2026.

Incident History — Iberia Express (X = Date, Y = Severity)

Iberia Express cyber incidents detection timeline including parent company and subsidiaries


Iberia Express Similar Companies

Air India SATS Airport Services Private Limited (AISATS)

Welcome to AISATS! As India's leading gateway services company headquartered in Mumbai and operating in Delhi, Bengaluru, Hyderabad, Thiruvananthapuram, Mangaluru and Ranchi airports, we at AISATS, care for our client airlines and their passengers. Our customers know when they do business with us

SpiceJet Limited

Red. Hot. Spicy. That’s not just our tagline, it’s how we fly. Red reflects the bold spirit we bring to every journey, energetic, passionate, and full of heart. Hot captures the warmth of our service and the vibrant destinations we connect. Spicy is our drive to keep travel exciting through innovati

Ethiopian Airlines

Ethiopian Airlines Group (Ethiopian) is a true African success story, transforming a visionary dream into a globally renowned reality for nearly eight decades. Operating flights to more than 160 domestic and international passenger, and cargo destinations across five continents, Ethiopian bridges th

Qantas

We would like to acknowledge the Traditional Custodians of the local lands and waterways on which we live, work and fly. We pay our respects to Elders past and present.   Spirit is everything to us, and joining the Qantas team means bringing your spirit to ours. We have over 29,000 exceptional emplo

Ryanair - Europe's Favourite Airline

Ryanair Holdings plc, Europe’s largest airline group, is the parent company of Ryanair DAC, Lauda, Buzz and Ryanair UK. Carrying 160m+ guests p.a. on over 3,000 daily flights to/from 225 airports. Plan to carry 225m+ guests p.a. by 2026. Unfortunately, we are unable to answer customer service que

Menzies Aviation

People. Passion. Pride. These have driven our team since 1833. Since that time, we have developed to become a critical partner in the global aviation industry, delivering time-critical logistics services at over 350 locations in 65 countries, across six continents. But at the heart of our

Air Canada

Canada's largest airline, the country’s flag carrier and a founding member of Star Alliance, the world's most comprehensive air transportation network celebrating its 25th anniversary in 2022, Air Canada provides scheduled passenger service directly to 51 airports in Canada, 51 in the United States a

Turkish Airlines

Turkish Airlines has soared to new heights since its first flight in 1933, becoming the airline that connects more countries than any other. Our commitment to excellence is reflected in the world-class service, comfort, and innovative travel experience we offer, designed to elevate every journey.

Qatar Airways

Qatar Airways is the national airline of the State of Qatar. Based in Doha, the Airline’s trendsetting on-board product focuses on: comfort, fine cuisine, the latest in-flight audio & video entertainment, award-winning service and one of the youngest and most advanced aircraft fleet in the sky. Awa


Iberia Express CyberSecurity News

November 24, 2025 08:00 AM
Iberia cyberattack: What data was leaked and what should affected customers do now?

The cyber attack on Iberia exposed names, e-mails and reservation codes, although the airline confirms that no payment data was compromised.

November 14, 2025 08:00 AM
Iberia eyes 25% more Brazil capacity in 2026, boosted by Airbus jets

Spanish airline Iberia aims to expand substantially in Brazil for the second year in a row in 2026, an executive said, as new Airbus jets...

April 29, 2025 07:00 AM
Pro-Russian hacking group claims responsibility for Spain and Portugal power outage

The European Union's cyber security wing ruled out that the power outage was the result of a hack, but a group has claimed to be behind the...

April 29, 2025 07:00 AM
Power Outage: Spain update on cyberattack fears as cause of disruption still unknown

A massive power outage struck Spain and Portugal yesterday leaving millions without power and severely disrupting transport including flights, government and...

January 13, 2025 08:00 AM
Iberia Group set this passenger record in 2024

In 2024, the flew more passengers than ever, showing the increasing need for business and leisure travel. The group — consisting of Iberia,...

January 06, 2025 08:00 AM
Iberia to Vueling: Which European airlines were most on-time in 2024?

The report's authors say the aviation industry has demonstrated significant resilience in the face of global industry challenges in 2024.

January 05, 2025 08:00 AM
Iberia and Iberia Express, the Most Punctual Airlines in Europe in 2024

With 84.69% of flights on time, Iberia Express is the world's leading low-cost airline and heads the punctuality ranking for European...

January 02, 2025 08:00 AM
Canadian airlines don't make list of top on-time arrivals

By The Associated Press. Posted January 2, 2025 1:16 pm. Last Updated January 2, 2025 5:05 pm. Mexican airline Aeromexico had the world's best record for...

January 02, 2025 08:00 AM
Major Canadian airlines rank bottom of the pack for being on time, data shows

Mexican airline Aeromexico had the world's best record for on-time arrivals in 2024, according to an annual ranking released Thursday.


Frequently Asked Questions

Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.

Iberia Express CyberSecurity History Information

Official Website of Iberia Express

The official website of Iberia Express is http://www.iberiaexpress.com.

Iberia Express’s AI-Generated Cybersecurity Score

According to Rankiteo, Iberia Express’s AI-generated cybersecurity score is 645, reflecting their Poor security posture.

How many security badges does Iberia Express have ?

According to Rankiteo, Iberia Express currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.

Has Iberia Express been affected by any supply chain cyber incidents ?

According to Rankiteo, Iberia Express has not been affected by any supply chain cyber incidents, and no incident IDs are currently listed for the organization.

Does Iberia Express have SOC 2 Type 1 certification ?

According to Rankiteo, Iberia Express is not certified under SOC 2 Type 1.

Does Iberia Express have SOC 2 Type 2 certification ?

According to Rankiteo, Iberia Express does not hold a SOC 2 Type 2 certification.

Does Iberia Express comply with GDPR ?

According to Rankiteo, Iberia Express is not listed as GDPR compliant.

Does Iberia Express have PCI DSS certification ?

According to Rankiteo, Iberia Express does not currently maintain PCI DSS compliance.

Does Iberia Express comply with HIPAA ?

According to Rankiteo, Iberia Express is not compliant with HIPAA regulations.

Does Iberia Express have ISO 27001 certification ?

According to Rankiteo, Iberia Express is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.

Industry Classification of Iberia Express

Iberia Express operates primarily in the Airlines and Aviation industry.

Number of Employees at Iberia Express

Iberia Express employs approximately 634 people worldwide.

Subsidiaries Owned by Iberia Express

Iberia Express presently has no subsidiaries across any sectors.

Iberia Express’s LinkedIn Followers

Iberia Express’s official LinkedIn profile has approximately 92,462 followers.

NAICS Classification of Iberia Express

Iberia Express is classified under the NAICS code 481, which corresponds to Air Transportation.

Iberia Express’s Presence on Crunchbase

No, Iberia Express does not have a profile on Crunchbase.

Iberia Express’s Presence on LinkedIn

Yes, Iberia Express maintains an official LinkedIn profile, actively used for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/iberia-express.

Cybersecurity Incidents Involving Iberia Express

As of January 25, 2026, Rankiteo reports that Iberia Express has experienced 2 cybersecurity incidents.

Number of Peer and Competitor Companies

Iberia Express has an estimated 3,672 peer or competitor companies worldwide.

What types of cybersecurity incidents have occurred at Iberia Express ?

Incident Types: The types of cybersecurity incidents that have occurred include Breach.

How does Iberia Express detect and respond to cybersecurity incidents ?

Detection and Response: The company detects and responds to cybersecurity incidents through an activated incident response plan (systems isolated, forensic investigation launched); third-party assistance (cybersecurity experts engaged); containment measures (isolation of affected systems, dark web monitoring for data leaks); remediation measures (forensic investigation, supplier security audit); recovery measures (customer notifications, free credit monitoring for affected individuals); a communication strategy (prompt public disclosure, customer advisories on password changes and account monitoring); and enhanced monitoring (real-time monitoring of data flows with suppliers).

Incident Details

Can you provide details on each incident ?

Incident : Data Breach

Title: Iberia Airlines Data Breach via Third-Party Supplier

Description: Spanish airline Iberia, part of the International Airlines Group (IAG), disclosed a significant data breach on November 23, 2025, originating from a compromised third-party supplier. The breach exposed sensitive customer information, including names, email addresses, loyalty program details, and technical documents related to aircraft maintenance (e.g., A320, A321 engine specifications and internal certificates). The threat actor advertised 77GB of stolen data on dark web forums for $150,000, raising concerns about phishing, identity theft, and potential risks to aviation safety. Iberia confirmed no payment information or passwords were compromised but advised customers to monitor accounts and change passwords. The incident underscores vulnerabilities in aviation supply chains and the risks of outdated security protocols among third-party vendors.

Date Publicly Disclosed: 2025-11-23

Type: Data Breach

Attack Vector: Third-Party Vendor Compromise; Misconfigured Cloud Storage (speculated); Inadequate Access Controls (speculated)

Vulnerability Exploited: Outdated Security Protocols (vendor); Potential Configuration Flaws in Shared Platforms (e.g., Salesforce-like systems)

Motivation: Financial Gain (data sold for $150,000 on dark web)

Incident : Data Breach (Third-Party)

Title: Iberia Third-Party Data Breach (November 2025)

Description: Iberia, Spain's flag carrier, confirmed being impacted by a third-party breach after a threat actor claimed to have stolen 77 GB of its data.

Date Publicly Disclosed: 2025-11-24

Type: Data Breach (Third-Party)

What are the most common types of attacks the company has faced ?

Common Attack Types: The most common type of attack the company has faced is Breach.

How does the company identify the attack vectors used in incidents ?

Identification of Attack Vectors: The company identifies the attack vectors used in incidents through Third-Party Supplier’s Systems (likely via misconfigured cloud storage or access controls).

Impact of the Incidents

What was the impact of each incident ?

Incident : Data Breach IBE5015650112525

Data Compromised: Customer names, Email addresses, Loyalty program details (Iberia Plus tier statuses, point balances, travel histories), Technical documents (aircraft maintenance files, engine specifications, internal certificates for A320/A321 models)

Systems Affected: Third-Party Supplier Systems; Potentially Shared CRM/Booking Platforms

Operational Impact: Potential Risk to Aviation Safety (if technical documents exploited); Disruption to Customer Trust; Increased Scrutiny on Vendor Security Practices

Customer Complaints: Expected (specific numbers not disclosed)

Brand Reputation Impact: High (eroded consumer trust, potential market position decline)

Legal Liabilities: Potential GDPR Fines (under investigation by EU regulators); Lawsuits from Affected Customers

Identity Theft Risk: High (phishing and fraud risks due to exposed PII)

Payment Information Risk: None (confirmed not compromised)

Incident : Data Breach (Third-Party) IBE40104140112625

Data Compromised: 77 GB

What types of data are most commonly compromised in incidents ?

Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Personally Identifiable Information (PII), Loyalty Program Data, and Proprietary Technical Documents.

Which entities were affected by each incident ?

Incident : Data Breach IBE5015650112525

Entity Name: Iberia Airlines

Entity Type: Airline

Industry: Aviation

Location: Spain (Headquarters in Madrid)

Size: Large (operates over 100 aircraft, serves millions annually)

Customers Affected: Iberia Plus Loyalty Program Members (exact number undisclosed)

Incident : Data Breach IBE5015650112525

Entity Name: Unnamed Third-Party Supplier

Entity Type: Vendor

Industry: IT/Aviation Services (speculated: CRM or booking system provider)

Incident : Data Breach (Third-Party) IBE40104140112625

Entity Name: Iberia

Entity Type: Airline

Industry: Aviation

Location: Spain

Response to the Incidents

What measures were taken in response to each incident ?

Incident : Data Breach IBE5015650112525

Incident Response Plan Activated: Yes (systems isolated, forensic investigation launched)

Third Party Assistance: Yes (cybersecurity experts engaged)

Containment Measures: Isolation of Affected Systems; Dark Web Monitoring for Data Leaks

Remediation Measures: Forensic Investigation; Supplier Security Audit

Recovery Measures: Customer Notifications; Free Credit Monitoring for Affected Individuals

Communication Strategy: Prompt Public Disclosure; Customer Advisories (password changes, account monitoring)

Enhanced Monitoring: Yes (real-time monitoring of data flows with suppliers)

What is the company's incident response plan?

Incident Response Plan: The company's incident response plan was activated (systems isolated, forensic investigation launched).

How does the company involve third-party assistance in incident response ?

Third-Party Assistance: The company involves third-party assistance in incident response by engaging cybersecurity experts.

Data Breach Information

What type of data was compromised in each breach ?

Incident : Data Breach IBE5015650112525

Type of Data Compromised: Personally identifiable information (PII), Loyalty program data, Proprietary technical documents

Sensitivity of Data: High (includes PII and sensitive aviation technical data)

Data Exfiltration: Yes (77GB of data advertised on dark web)

File Types Exposed: Customer Databases; PDF/Technical Manuals; Internal Certificates

Personally Identifiable Information: Names; Email Addresses; Loyalty Program Details (travel histories, tier statuses)

Incident : Data Breach (Third-Party) IBE40104140112625

Data Exfiltration: 77 GB

What measures does the company take to prevent data exfiltration ?

Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: Forensic Investigation and Supplier Security Audit.

How does the company handle incidents involving personally identifiable information (PII) ?

Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through isolation of affected systems and dark web monitoring for data leaks.

Ransomware Information

Was ransomware involved in any of the incidents ?

Incident : Data Breach IBE5015650112525

Data Exfiltration: Yes (but not ransomware-related; data sold on dark web)

How does the company recover data encrypted by ransomware ?

Data Recovery from Ransomware: The company recovers data encrypted by ransomware through Customer Notifications and Free Credit Monitoring for Affected Individuals.

Regulatory Compliance

Were there any regulatory violations and fines imposed for each incident ?

Incident : Data Breach IBE5015650112525

Regulations Violated: Potential GDPR Non-Compliance (under investigation)

Legal Actions: EU Regulatory Inquiry (Spain’s data protection agency); Potential Lawsuits

Regulatory Notifications: Customers Notified; Regulators Informed (EU GDPR authorities)

How does the company ensure compliance with regulatory requirements ?

Ensuring Regulatory Compliance: The company ensures compliance with regulatory requirements through EU Regulatory Inquiry (Spain’s data protection agency) and Potential Lawsuits.

Lessons Learned and Recommendations

What lessons were learned from each incident ?

Incident : Data Breach IBE5015650112525

Lessons Learned: Supply chain vulnerabilities are critical attack vectors in aviation. Outdated vendor security protocols can cascade risks across interconnected systems. Proactive dark web monitoring can accelerate breach detection. Transparency in disclosure helps mitigate reputational damage. Zero-trust architectures and real-time supplier monitoring are essential.

What recommendations were made to prevent future incidents ?

Incident : Data Breach IBE5015650112525

Recommendations: Enforce mandatory security certifications for all third-party vendors. Implement zero-trust frameworks and multi-factor authentication (MFA). Conduct regular penetration testing and AI-driven threat detection. Adopt blockchain-based data verification for supply chain integrity. Enhance employee training on phishing and secure data handling. Establish collaborative threat intelligence sharing within the aviation industry. Invest in AI tools for predictive breach analysis.

What are the key lessons learned from past incidents ?

Key Lessons Learned: The key lessons learned from past incidents are: Supply chain vulnerabilities are critical attack vectors in aviation. Outdated vendor security protocols can cascade risks across interconnected systems. Proactive dark web monitoring can accelerate breach detection. Transparency in disclosure helps mitigate reputational damage. Zero-trust architectures and real-time supplier monitoring are essential.

What recommendations has the company implemented to improve cybersecurity ?

Implemented Recommendations: The company has implemented the following recommendations to improve cybersecurity: Invest in AI tools for predictive breach analysis. Adopt blockchain-based data verification for supply chain integrity. Implement zero-trust frameworks and multi-factor authentication (MFA). Enhance employee training on phishing and secure data handling. Conduct regular penetration testing and AI-driven threat detection. Enforce mandatory security certifications for all third-party vendors. Establish collaborative threat intelligence sharing within the aviation industry.

References

Where can I find more information about each incident ?

Incident : Data Breach IBE5015650112525

Source: BleepingComputer

Incident : Data Breach IBE5015650112525

Source: Security Affairs

Incident : Data Breach IBE5015650112525

Source: Cybernews

Incident : Data Breach IBE5015650112525

Source: Paddle Your Own Kanoo (Analysis on AI in Cybersecurity)

Incident : Data Breach IBE5015650112525

Source: Grab The Axe (Report on AI-Driven Threats)

Incident : Data Breach IBE5015650112525

Source: X (formerly Twitter) – Cybersecurity Accounts Monitoring Dark Web

Incident : Data Breach (Third-Party) IBE40104140112625

Source: Security Affairs

Date Accessed: 2025-11-24

Where can stakeholders find additional resources on cybersecurity best practices ?

Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at the following sources: BleepingComputer; Security Affairs; Cybernews; Paddle Your Own Kanoo (Analysis on AI in Cybersecurity); Grab The Axe (Report on AI-Driven Threats); X (formerly Twitter) – Cybersecurity Accounts Monitoring Dark Web; Security Affairs (Date Accessed: 2025-11-24).

Investigation Status

What is the current status of the investigation for each incident ?

Incident : Data Breach IBE5015650112525

Investigation Status: Ongoing (forensic investigation, regulatory inquiries by EU/Spain)

How does the company communicate the status of incident investigations to stakeholders ?

Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Prompt Public Disclosure, Customer Advisories (Password Changes and Account Monitoring).

Stakeholder and Customer Advisories

Were there any advisories issued to stakeholders or customers for each incident ?

Incident : Data Breach IBE5015650112525

Stakeholder Advisories: Customers Advised To Enable Two-Factor Authentication And Monitor Accounts.

Customer Advisories: Password changes recommended; free credit monitoring offered to affected loyalty program members

What advisories does the company provide to stakeholders and customers following an incident ?

Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: Customers Advised To Enable Two-Factor Authentication And Monitor Accounts, Password Changes Recommended, and Free Credit Monitoring Offered To Affected Loyalty Program Members.

Initial Access Broker

How did the initial access broker gain entry for each incident ?

Incident : Data Breach IBE5015650112525

Entry Point: Third-Party Supplier’s Systems (likely via misconfigured cloud storage or access controls)

High Value Targets: Customer PII, Aircraft Maintenance Documents, Internal Certificates

Data Sold on Dark Web: Customer PII, Aircraft Maintenance Documents, Internal Certificates

Post-Incident Analysis

What were the root causes and corrective actions taken for each incident ?

Incident : Data Breach IBE5015650112525

Root Causes: Vendor’s Outdated Security Protocols, Potential Misconfigured Cloud Storage Or Access Controls, Lack Of Real-Time Monitoring For Third-Party Data Flows

Corrective Actions: Enhanced Supplier Oversight With Mandatory Security Certifications, Implementation Of Zero-Trust Architectures And MFA, AI-Driven Threat Detection And Regular Penetration Testing, Collaborative Threat Intelligence Sharing With Industry Peers

What is the company's process for conducting post-incident analysis ?

Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as Yes (real-time monitoring of data flows with suppliers).

What corrective actions has the company taken based on post-incident analysis ?

Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: Enhanced Supplier Oversight With Mandatory Security Certifications, Implementation Of Zero-Trust Architectures And MFA, AI-Driven Threat Detection And Regular Penetration Testing, and Collaborative Threat Intelligence Sharing With Industry Peers.

Additional Questions

Incident Details

What was the most recent incident publicly disclosed ?

Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2025-11-24.

Impact of the Incidents

What was the most significant data compromised in an incident ?

Most Significant Data Compromised: The most significant data compromised in an incident were Customer Names, Email Addresses, Loyalty Program Details (Iberia Plus tier statuses, point balances, travel histories), Technical Documents (aircraft maintenance files, engine specifications, internal certificates for A320/A321 models), and 77 GB.

What was the most significant system affected in an incident ?

Most Significant System Affected: The most significant systems affected in an incident were Third-Party Supplier Systems and Potentially Shared CRM/Booking Platforms.

Response to the Incidents

What containment measures were taken in the most recent incident ?

Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident were Isolation of Affected Systems and Dark Web Monitoring for Data Leaks.

Data Breach Information

What was the most sensitive data compromised in a breach ?

Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Loyalty Program Details (Iberia Plus tier statuses, point balances, travel histories), Technical Documents (aircraft maintenance files, engine specifications, internal certificates for A320/A321 models), Email Addresses, Customer Names and 77 GB.

Regulatory Compliance

What was the most significant legal action taken for a regulatory violation ?

Most Significant Legal Action: The most significant legal action taken for a regulatory violation was EU Regulatory Inquiry (Spain’s data protection agency), Potential Lawsuits.

Lessons Learned and Recommendations

What was the most significant lesson learned from past incidents ?

Most Significant Lesson Learned: The most significant lesson learned from past incidents was Zero-trust architectures and real-time supplier monitoring are essential.

What was the most significant recommendation implemented to improve cybersecurity ?

Most Significant Recommendation Implemented: The most significant recommendations implemented to improve cybersecurity were: invest in AI tools for predictive breach analysis; adopt blockchain-based data verification for supply chain integrity; implement zero-trust frameworks and multi-factor authentication (MFA); enhance employee training on phishing and secure data handling; conduct regular penetration testing and AI-driven threat detection; enforce mandatory security certifications for all third-party vendors; and establish collaborative threat intelligence sharing within the aviation industry.

References

What is the most recent source of information about an incident ?

Most Recent Source: The most recent sources of information about an incident are X (formerly Twitter) – Cybersecurity Accounts Monitoring Dark Web, BleepingComputer, Security Affairs, Cybernews, Paddle Your Own Kanoo (Analysis on AI in Cybersecurity) and Grab The Axe (Report on AI-Driven Threats).

Investigation Status

What is the current status of the most recent investigation ?

Current Status of Most Recent Investigation: The current status of the most recent investigation is Ongoing (forensic investigation, regulatory inquiries by EU/Spain).

Stakeholder and Customer Advisories

What was the most recent stakeholder advisory issued ?

Most Recent Stakeholder Advisory: The most recent stakeholder advisory issued was: Customers advised to enable two-factor authentication and monitor accounts.

What was the most recent customer advisory issued ?

Most Recent Customer Advisory: The most recent customer advisory issued was: Password changes recommended; free credit monitoring offered to affected loyalty program members.

Initial Access Broker

What was the most recent entry point used by an initial access broker ?

Most Recent Entry Point: The most recent entry point used by an initial access broker was Third-Party Supplier’s Systems (likely via misconfigured cloud storage or access controls).

Latest Global CVEs (Not Company-Specific)

Description

Typemill is a flat-file, Markdown-based CMS designed for informational documentation websites. A reflected Cross-Site Scripting (XSS) exists in the login error view template `login.twig` of versions 2.19.1 and below. The `username` value can be echoed back without proper contextual encoding when authentication fails. An attacker can execute script in the login page context. This issue has been fixed in version 2.19.2.

Risk Information
cvss3
Base: 5.4
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Description

A DOM-based Cross-Site Scripting (XSS) vulnerability exists in the DomainCheckerApp class within domain/script.js of Sourcecodester Domain Availability Checker v1.0. The vulnerability occurs because the application improperly handles user-supplied data in the createResultElement method by using the unsafe innerHTML property to render domain search results.

Description

A Remote Code Execution (RCE) vulnerability exists in Sourcecodester Modern Image Gallery App v1.0 within the gallery/upload.php component. The application fails to properly validate uploaded file contents. Additionally, the application preserves the user-supplied file extension during the save process. This allows an unauthenticated attacker to upload arbitrary PHP code by spoofing the MIME type as an image, leading to full system compromise.

Description

A UNIX symbolic link following issue in the jailer component in Firecracker version v1.13.1 and earlier and 1.14.0 on Linux may allow a local host user with write access to the pre-created jailer directories to overwrite arbitrary host files via a symlink attack during the initialization copy at jailer startup, if the jailer is executed with root privileges. To mitigate this issue, users should upgrade to version v1.13.2 or 1.14.1 or above.

Risk Information
cvss3
Base: 6.0
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
cvss4
Base: 6.0
Severity: LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Description

An information disclosure vulnerability exists in the /srvs/membersrv/getCashiers endpoint of the Aptsys gemscms backend platform through 2025-05-28. This unauthenticated endpoint returns a list of cashier accounts, including names, email addresses, usernames, and passwords hashed using MD5. As MD5 is a broken cryptographic function, the hashes can be easily reversed using public tools, exposing user credentials in plaintext. This allows remote attackers to perform unauthorized logins and potentially gain access to sensitive POS operations or backend functions.

Access Data Using Our API

Get company history

curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=iberia-express' -H 'apikey: YOUR_API_KEY_HERE'

What Do We Measure ?

Incident
Finding
Grade
Digital Assets

Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.

These are some of the factors we use to calculate the overall score:

Network Security

Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.

SBOM (Software Bill of Materials)

Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.

CMDB (Configuration Management Database)

Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.

Threat Intelligence

Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.

Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.