HomeNewsBreachesAbout
Account
air-miles-espana-2025

Air Miles España (Travel Club) Breach

Dec 8, 2025

2,657,513 rows

Added on Dec 12, 2025

Search the Leak

Email
Full Name

What happened in the Air Miles España (Travel Club) Breach?

DataBreach.com Team · December 11th 2025, 7:00 pm EST

Overview

In conjunction with the attacks on Iberia Airlines and Collins Aerospace, the Everest ransomware group has leaked data belonging to Air Miles España S.A., the entity responsible for managing loyalty programs (including Travel Club).

Following the expiration of the ransom deadline, Everest published the data on December 9, 2025. The leaked files include detailed CSV exports that appear to be direct dumps from a CRM or marketing database (likely Salesforce Marketing Cloud, based on file headers).

Compromised Data Claimed (Analyzed via CSV Headers)

Analysis of the file headers reveals a highly granular exposure of user profiles, behavioral data, and account status.

1. Personal Identity & Contact Info:

  • Full Names & Emails: Identified via columns DCNOMBRE, DCEMAIL, EMAILADDRESS.
  • Demographics: Date of birth (CDDIA_NACIMIENTO) and Gender (CDSEXO).
  • Account IDs: Unique identifiers including IDCUENTA, IDLUHM (Likely "Loyalty Unique Household Member"), and SubscriberKey.

2. Loyalty & Financial Status:

  • Point Balances: Current account balance exposed via CASALDO.
  • Tier & Segmentation: User segment/tier level (CDSEGMENTO) and program affiliations (IBPROGRAMA_TVC, IBPROGRAMA_RPS).
  • Account Status: Dates of registration (CDDIA_ALTA) and physical/email unsubscribe dates (CDDIA_BAJA_FISICA, CDDIA_BLQ_EMAIL).

3. Behavioral & Transactional Intelligence:

  • Activity Logs: Timestamps for Last Redemption (f_ult_redencion), Last Activity (f_ult_actividad), and Last App Access (f_ult_acceso_app).
  • Shopping Habits: Data linking users to specific sponsors/partners (CDPATROCINADOR), stores (CDTIENDA), and offer interaction history (IDOFERTA, IDCOMPORTAMIENTO).

4. Technical Metadata:

  • System Source: The presence of SFMC_DATE_INSERT strongly suggests this data was exfiltrated from a Salesforce Marketing Cloud integration or backup.
For media inquiries, contact us at contact@databreach.com