Iberia is notifying the customers of its Iberia Plus loyalty club to change their access passwords because SITA, one of its technology providers, has suffered a personal data breach.
The airline has ensured that neither the passwords nor the payment data of its users have been compromised, since they are not stored in the databases of this provider, but that, for security reasons, it is advisable to change the password.
"Specifically, SITA has notified us that only the names of some Iberia Plus customers, their frequent flyer numbers and some of their preferences, such as seats, have been affected by this gap," explains the email that is being sent by the airline since last Friday, the 5th, to Iberia Plus customers.
The password used for the Iberia Plus account is also not in the hands of SITA and, therefore, it has not been put at risk, according to the company, although as a precaution and given the possibility that customers have reused passwords used for others. websites, have chosen to reset it.
In a second email, once restored, customers are notified of the new temporary password for users to access the account and, once there, change it to their own.
The data handled by SITA refers only to some preferences of the users of various airlines, such as seats, or their frequent flyer numbers but, in no case, is it sensitive information such as means of payment or the password itself, because it is not the provider of the reservation system, Iberia sources informed this newspaper.
SITA works with other airlines of the Star Alliance alliance, such as British Airways (also of the IAG group such as Iberia), United Airlines, Lufthansa, Quantas or Singapore Airlines.
Iberia has chosen to notify customers of this incident by email instead of by phone, being aware that cybercriminals frequently use this method, requesting passwords or sensitive information from users with the excuse that there has been a security leak.
Even so, some Iberia Plus customers have contacted the company to verify that it was a true message.