Spanish airline Iberia has disclosed that a cyberattack on a third-party vendor exposed customer data. The breach, which Iberia began notifying customers about on Sunday, appears connected to a broader series of incidents affecting organizations that use Salesforce-based customer support platforms. Other airlines - including Qantas, Air France, and KLM - have reported similar breaches in recent months. According to Iberia, attackers may have accessed customer names, email addresses, and loyalty program numbers. The airline warns that the stolen information may be used for phishing campaigns designed to trick customers into installing malware or divulging additional sensitive details.

The investigation remains ongoing, both internally and with the involved supplier. The disclosure comes only a week after an unverified online claim that 77 GB of sensitive internal Iberia data - including technical aircraft documents - had been stolen and was being offered for sale. Iberia, part of the IAG group that includes British Airways, has not commented on those claims. The incident also recalls British Airways’ major 2018 data breach, which exposed more than 429,000 records and resulted in a regulatory fine.

This incident underscores the critical need for rich, unified cybersecurity forensics across modern airline and enterprise environments. To determine the who, what, where, when, and how of an attack, organizations must rely on a comprehensive data lake like NIKSUN that consolidates full packet capture with deep packet inspection (DPI), network flow records, SNMP traps and polls, logs, events, synthetic transactions, and other telemetry. When these data sources are analyzed together, security teams gain the context needed to rapidly detect intrusions, reconstruct attacker activity, validate the scope of compromise, and respond with precision. Without this unified forensic visibility, organizations risk delayed detection, incomplete investigations, and greater exposure to cascading breaches.