Data breach in Iberia: internal documents end up on the dark web after a possible cyberattack

The recent data breach in Iberia, with 77 GB of internal information allegedly stolen and put up for sale on the dark web, has once again highlighted the increasing pressure that cybercriminals exert on large companies. Although the airline is investigating the real extent of the incident, the case highlights how even the most consolidated organizations remain priority targets and how the exposure of internal documentation—even if it doesn't affect customers—can compromise operations, reputation and corporate security.

‍

What has been leaked and who is behind it?

The threat actor claims to have 77 GB of internal Iberia information, including:

• Corporate Documentation
• Internal files
• Operational Information
• Communications and administrative data

For now, there is no indication that customer data has been compromised, although validation is still ongoing. The leak has been published on a well-known dark web forum, where the attacker claims to be selling the complete package without specifying a price. Iberia has announced that it is analyzing the veracity and scope of the incident together with its cybersecurity team.

‍

Why is it serious if there is no personal data?

Even if the leak does not include passenger information, the disclosure of internal documents can have major implications:

• Reveal operating processes and technical configurations.
• Facilitate future more sophisticated attacks (internal phishing, social engineering, lateral access...).
• Expose strategic and commercial data.
• Compromise the reputation of the company and its suppliers

In critical sectors such as air transport, any information leak can become a significant risk to business continuity.

‍

The dark web as a market for corporate information

The publication of the alleged data package is in line with a growing trend: cybercriminals are no longer content with selling credentials or bank details, but are focusing on internal documentation of large companies, which are increasingly valuable to organized crime

This type of information is resold to carry out targeted attacks, is used for extortion or corporate blackmail, and is sometimes not even commercialized: it is filtered free of charge to gain reputation within criminal forums. In this way, the dark web has become the main showcase for threat actors focused on corporate espionage, digital sabotage and high-impact strategic attacks.

‍

What we recommend from Apolo Cybersecurity

From Apollo Cybersecurity, we recommend reinforcing protection against incidents of this type with measures such as:

• Continuous monitoring of the dark web to detect breaches before they escalate.
• Network segmentation and minimum privileges to limit the impact of unauthorized access.
• Regular security audits of internal systems and critical platforms.
• Employee awareness programs, especially in social engineering and phishing.
• Incident response plans that allow for quick action in the face of a breach.

Prevention and early visibility are essential to prevent an internal leak from becoming a bigger problem.

‍

Secure your digital environment before the next threat

The Iberia case demonstrates how attackers expand their focus to internal documentation and how a single compromised credential can trigger a critical leak. Even when customers aren't directly affected, reputational damage to the company can be significant.
‍

At Apolo Cybersecurity, we help you anticipate these risks and protect your most sensitive information.

‍