
Air Miles España (Travel Club) Breach
Dec 8, 2025
2,657,513 rows
Added on Dec 12, 2025
What happened in the Air Miles España (Travel Club) Breach?
DataBreach.com Team · December 11th 2025, 7:00 pm EST
Overview
In conjunction with the attacks on Iberia Airlines and Collins Aerospace, the Everest ransomware group has leaked data belonging to Air Miles España S.A., the entity responsible for managing loyalty programs (including Travel Club).
Following the expiration of the ransom deadline, Everest published the data on December 9, 2025. The leaked files include detailed CSV exports that appear to be direct dumps from a CRM or marketing database (likely Salesforce Marketing Cloud, based on file headers).
Compromised Data Claimed (Analyzed via CSV Headers)
Analysis of the file headers reveals a highly granular exposure of user profiles, behavioral data, and account status.
1. Personal Identity & Contact Info:
- Full Names & Emails: Identified via columns
DCNOMBRE,DCEMAIL,EMAILADDRESS. - Demographics: Date of birth (
CDDIA_NACIMIENTO) and Gender (CDSEXO). - Account IDs: Unique identifiers including
IDCUENTA,IDLUHM(Likely "Loyalty Unique Household Member"), andSubscriberKey.
2. Loyalty & Financial Status:
- Point Balances: Current account balance exposed via
CASALDO. - Tier & Segmentation: User segment/tier level (
CDSEGMENTO) and program affiliations (IBPROGRAMA_TVC,IBPROGRAMA_RPS). - Account Status: Dates of registration (
CDDIA_ALTA) and physical/email unsubscribe dates (CDDIA_BAJA_FISICA,CDDIA_BLQ_EMAIL).
3. Behavioral & Transactional Intelligence:
- Activity Logs: Timestamps for Last Redemption (
f_ult_redencion), Last Activity (f_ult_actividad), and Last App Access (f_ult_acceso_app). - Shopping Habits: Data linking users to specific sponsors/partners (
CDPATROCINADOR), stores (CDTIENDA), and offer interaction history (IDOFERTA,IDCOMPORTAMIENTO).
4. Technical Metadata:
- System Source: The presence of
SFMC_DATE_INSERTstrongly suggests this data was exfiltrated from a Salesforce Marketing Cloud integration or backup.
Recent News











Ho-ly G*t: TeamPCP Claims Theft of Thousands of GitHub Internal Repositories
a month ago

17M Nissan cars impacted by large ransomware attack
3 months ago

Iranian hackers just used Stryker’s own security tools to delete itself
4 months ago

Massive Odido cyberattack leaks customer IBANs and government IDs
4 months ago

Figure breach proves blockchain cannot save us from human error
4 months ago

Substack notifies users of data breach affecting nearly 700,000 accounts
5 months ago

UPenn claims "Under 10" victims in 1.2M breach involving donors like Trump and Musk
5 months ago

How 0apt is Using Random Noise to Fake a Ransomware Empire
5 months ago

Hackers Are Now Using Global-e Data to Target Ledger Owners at Their Home Addresses
6 months ago

Meta Denies Instagram Breach After Password Reset Panic
6 months ago

Why the 2.3 Million Wired Record Breach Is a Nightmare for Condé Nast
6 months ago