Spanish flag carrier Iberia confirmed a third‑party cyberattack that compromised customer names, emails and loyalty card IDs. While passwords remain safe, a dark‑web ad offering 77 GB of internal data raises doubts about a separate, more extensive breach. The incident underscores the risks of supply‑chain vulnerabilities in the aviation sector.