CSIRT-CAN – Centro de Respuesta a Incidentes de Seguridad de Canarias

Iberia warns its customers of potential data leaks

Iberia is advising its customers to be vigilant for any suspicious communications they may receive following the data breach that occurred on Saturday, November 29.

"The current investigation indicates that data such as names, surnames, email addresses, and loyalty card identification numbers may have been leaked," the airline stated in a press release published this past weekend.

Iberia reports that as soon as it became aware of the incident, it activated its protocol and implemented all necessary technical and organizational measures to contain the breach. This included monitoring the situation and notifying the relevant authorities.

The company warns that if customers receive calls from the number 900 111 500, it could be a fraudulent call intended to scam them. This is yet another example of how cybersecurity not only protects a company's reputation but also safeguards customer privacy.

What should Iberia do now to strengthen its cybersecurity?

- Urgently implement a standards-compliant ISMS and require all suppliers to meet equivalent security criteria.

- Conduct external security audits of critical systems and repeat them periodically.

- Enable data encryption at rest and in transit, along with multi-factor authentication (MFA) and strict access control.

- Establish a formal risk assessment and vendor management process, with regular reviews and independent controls.

- Invest in ongoing cybersecurity training and awareness for staff; promote an organizational culture where digital security is a shared priority.

- Participate in industry forums and associations to share threat intelligence, best practices, and incident response protocols.

Cybersecurity is a community effort that benefits us all, and we must work together to create a system where our data is safe.