Iberia, the Spanish national airline and subsidiary of IAG (International Airlines Group), disclosed in November 2025 that a third-party vendor breach had exposed loyalty programme member data. The compromised data included Iberia Plus loyalty card member names, email addresses, and loyalty card identification numbers. Iberia notified affected members and filed notifications with Spain’s AEPD (Agencia Española de Protección de Datos).