International Airlines Group (IAG) Company Cyber Security Posture
iairgroup.comInternational Airlines Group is one of the world's largest airline groups with 582 aircraft flying to more than 250 destinations and carrying around 115 million passengers in 2023. Formed in January 2011, IAG is the parent company of Aer Lingus, British Airways, Iberia, Vueling and LEVEL. It is a Spanish registered company with shares traded on the London Stock Exchange and Spanish Stock Exchanges. The corporate head office for IAG is in London, UK. IAG combines leading airlines in the UK, Ireland and Spain, enabling them to enhance their presence in the aviation market while retaining their individual brands and current operations. The airlines' customers benefit from a larger combined network for both passengers and cargo, and a greater ability to invest in new products and services through improved financial robustness.
IAG( Company Details
international-airlines-group-iag-
0 employees
66595.0
481
Airlines and Aviation
iairgroup.com
Scan still pending
INT_1645470
In-progress
IAG( Risk Score (AI oriented)Between 900 and 1000
This score is AI-generated and less favored by cyber insurers, who prefer the TPRM score.
IAG( Global Score.png)
International Airlines Group (IAG) Company Scoring based on AI Models
| Model Name | Date | Description | Current Score Difference | Score |
|---|---|---|---|---|
| AVERAGE-Industry | 03-12-2025 | This score represents the average cybersecurity rating of companies already scanned within the same industry. It provides a benchmark to compare an individual company's security posture against its industry peers. | N/A | Between 900 and 1000 |
International Airlines Group (IAG) Company Cyber Security News & History
| Entity | Type | Severity | Impact | Seen | Url ID | Details | View |
|---|---|---|---|---|---|---|---|
| British Airways | Breach | 100 | 4 | 06/2023 | BRI0112623 | Link | |
Rankiteo Explanation : Attack with significant impact with customers data leaksDescription: British Airways disclosed that the data breach experienced by the payroll service provider Zellis has an effect on them. The BBC and British Airways employees' personal information was exposed as a result of the cyberattack on the payroll service Zellis. According to reports, British Airways was one among the companies damaged by a cyber security attack against MOVEit's target, the UK-based payroll provider Zellis. | |||||||
| British Airways | Data Leak | 85 | 4 | 09/2018 | BRI45811122 | Link | |
Rankiteo Explanation : Attack with significant impact with customers data leaksDescription: Credit card details of hundreds of thousands of British Airways customers were stolen over a two-week period in the most serious attack on its website and app. It immediately contacted customers when the extent of the breach became clear. Around 380,000 card payments were compromised. Hackers obtained names, street and email addresses, credit card numbers, expiry dates and security codes. The attack came 15 months after the carrier suffered a massive computer system failure at London's Heathrow airport, which stranded 75,000 customers over a holiday weekend. The attackers had not broken the airline's encryption but did not explain exactly how they had obtained the customer information. The attackers had probably targeted a gateway between the airline and a payment processor because no travel details had been stolen. BA advised customers to contact their bank or credit card provider and follow their recommended advice. | |||||||
| British Airways | Data Leak | 85 | 4 | 08/2019 | BRI0563423 | Link | |
Rankiteo Explanation : Attack with significant impact with customers data leaksDescription: British Airways found a security bug which has the potential to expose passengersโ data, including their flight booking details and personal information. It was an attack that could expose victimsโ booking reference numbers, phone numbers, email addresses and more. It was found that bad actors could either view the victimโs personal data, or manipulate their booking information. The exposed information includes email address, telephone numbers, BA membership numbers, first and last name, booking reference, itinerary, flight information like flight number, flight times, and seat number. | |||||||
International Airlines Group (IAG) Company Subsidiaries
International Airlines Group is one of the world's largest airline groups with 582 aircraft flying to more than 250 destinations and carrying around 115 million passengers in 2023. Formed in January 2011, IAG is the parent company of Aer Lingus, British Airways, Iberia, Vueling and LEVEL. It is a Spanish registered company with shares traded on the London Stock Exchange and Spanish Stock Exchanges. The corporate head office for IAG is in London, UK. IAG combines leading airlines in the UK, Ireland and Spain, enabling them to enhance their presence in the aviation market while retaining their individual brands and current operations. The airlines' customers benefit from a larger combined network for both passengers and cargo, and a greater ability to invest in new products and services through improved financial robustness.
Access Data Using Our API
Get company history
Rapid.png)
IAG( Cyber Security News
British Airways owner IAG wants to create world's best airline VC -
Nacho Tovar, the head of airline group IAG's investment arm, says the new โฌ200m fund could unlock efficiency and a sustainable future forย ...
Cyber attacks: Co-op and Harrods โlacked insurance coverageโ
At the end of April, Harrods and the Co-op became the latest major UK households to be hit by a cyber attack. On 30 April,ย ...
Aviations Post-Pandemic Recovery: Passenger Traffic & Growth Trends
The aviation industry is navigating a complex landscape filled with challenges but also significant opportunities.
FTE Airline Digital Transformation Power List EMEA 2025
The EMEA edition champions the most transformative change enablers within the airline and airport industry in Europe, the Middle East and Africa.
Major cyber attack disrupts holiday season flights at Japan Airlines
Japan Airlines said it was hit by a cyberattack on Thursday, causing delays to more than 20 domestic flights but the carrier said it wasย ...
Europe Daily News, 13 March 2025
Stay up to date with our insights. See how we use a multidisciplinary, integrated approach to meet our clients' needs.
Cyber attacks will get worse without serious regulation, experts say
Why did this superstar UK income share jump 15% in the past month? This FTSE 100 income share is a dividend superstar, hiking shareholderย ...
People Moves: Dr. Ben Dias, International Airlines Group
Dr. Ben Dias ยท Why The EU's AI Investment Plan is a Global Game-Changer. AI & Machine Learning ยท People Moves: Leon Butler. Data & Dataย ...
Air Europa says customer data may have been compromised in October breach
Spanish airline Air Europa said on Friday personal data of its customers may have been compromised in a security incident that was detectedย ...
IAG( Similar Companies
PT. Gapura Angkasa
Established in 1998 as an independent ground services provider, Gapura offers greater competition in the local ground handling scene, providing airlines operating in more than 50 major airports Nationally with an alternative choice in quality ground services; encompassing ramp, cargo & warehousing,
Malaysia Airports
Our Vision A Global Airport Group That Champions Connectivity and Sustainability Our Brand Promise Hosting Joyful Connections About Malaysia Airports Malaysia Airports manages and operates 39 airports in Malaysia and one international airport in Istanbul, Turkey. The 39 airports in Malays
Singapore Airlines
Welcome aboard Singapore Airlines on LinkedIn. Discover travel inspirations, business travel tips, cultural insights, our latest updates, and more. Singapore Airlines is a global company dedicated to providing air transportation services of the highest quality and to maximising returns for the ben
Indian Airlines Limited
Indian Airlines Ltd has been merged with Air India Ltd. The consolidated company is named as National Aviation Company of India Ltd. It operates under the marketing name of Air India. As of now the Airline operates under both AI as well as IC code. Air India has a subsidiary Low cost carrier Air Ind
Menzies Aviation
At more than 200 airport locations across 6 continents, we offer landside and airside services tailored to our customersโ needs; timed to their schedules; and delivered by teams with the knowledge, tools and passion to set standards rather than chase them. Our core services include; Ground Handling
Emirates
Based in Dubai, the Emirates Group employs over 103,363 staff from more than 160 nationalities. The Emirates Groupโs extensive and diverse international portfolio includes the worldโs largest international airline, Emirates, and one of the largest combined air services provider in the world, dnata.
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
IAG( CyberSecurity History Information
How many cyber incidents has IAG( faced?
Total Incidents: According to Rankiteo, IAG( has faced 3 incidents in the past.
What types of cybersecurity incidents have occurred at IAG(?
Incident Types: The types of cybersecurity incidents that have occurred incidents Breach and Data Leak.
How does IAG( detect and respond to cybersecurity incidents?
Detection and Response: The company detects and responds to cybersecurity incidents through communication strategy with Immediately contacted customers when the extent of the breach became clear and advised them to contact their bank or credit card provider..
Incident Details
Can you provide details on each incident?
Incident : Data Breach
Title: British Airways Data Breach via Zellis Payroll Service
Description: British Airways disclosed that the data breach experienced by the payroll service provider Zellis has an effect on them. The BBC and British Airways employees' personal information was exposed as a result of the cyberattack on the payroll service Zellis.
Type: Data Breach
Attack Vector: Cyberattack on payroll service provider
Incident : Data Exposure
Title: British Airways Data Exposure Incident
Description: British Airways found a security bug which has the potential to expose passengersโ data, including their flight booking details and personal information. The exposed information includes email address, telephone numbers, BA membership numbers, first and last name, booking reference, itinerary, flight information like flight number, flight times, and seat number.
Type: Data Exposure
Attack Vector: View victim's personal data, Manipulate booking information
Incident : Data Breach
Title: British Airways Data Breach
Description: Credit card details of hundreds of thousands of British Airways customers were stolen over a two-week period in the most serious attack on its website and app.
Type: Data Breach
Attack Vector: Website, Mobile App
Vulnerability Exploited: Gateway between the airline and a payment processor
Motivation: Financial Gain
What are the most common types of attacks the company has faced?
Common Attack Types: The most common types of attacks the company has faced is Data Leak.
How does the company identify the attack vectors used in incidents?
Identification of Attack Vectors: The company identifies the attack vectors used in incidents through Gateway between the airline and a payment processor.
Impact of the Incidents
What was the impact of each incident?
Incident : Data Breach BRI0112623
Data Compromised: Personal Information of Employees
Incident : Data Exposure BRI0563423
Data Compromised: email address, telephone numbers, BA membership numbers, first and last name, booking reference, itinerary, flight number, flight times, seat number
Incident : Data Breach BRI45811122
Data Compromised: Credit card numbers, Expiry dates, Security codes, Names, Street and email addresses
Systems Affected: Website, Mobile App
Payment Information Risk: High
What types of data are most commonly compromised in incidents?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Personal Information, email address, telephone numbers, BA membership numbers, first and last name, booking reference, itinerary, flight number, flight times, seat number, Credit card numbers, Expiry dates, Security codes, Names and Street and email addresses.
Which entities were affected by each incident?
Incident : Data Breach BRI45811122
Entity Type: Company
Industry: Aviation
Location: United Kingdom
Customers Affected: 380000
Response to the Incidents
What measures were taken in response to each incident?
Incident : Data Breach BRI45811122
Communication Strategy: Immediately contacted customers when the extent of the breach became clear and advised them to contact their bank or credit card provider.
Data Breach Information
What type of data was compromised in each breach?
Incident : Data Breach BRI0112623
Type of Data Compromised: Personal Information
Incident : Data Exposure BRI0563423
Type of Data Compromised: email address, telephone numbers, BA membership numbers, first and last name, booking reference, itinerary, flight number, flight times, seat number
Personally Identifiable Information: email address, telephone numbers, BA membership numbers, first and last name
Incident : Data Breach BRI45811122
Type of Data Compromised: Credit card numbers, Expiry dates, Security codes, Names, Street and email addresses
Number of Records Exposed: 380000
Sensitivity of Data: High
Data Encryption: Unbroken
Personally Identifiable Information: Names, Street and email addresses
Investigation Status
How does the company communicate the status of incident investigations to stakeholders?
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through was Immediately contacted customers when the extent of the breach became clear and advised them to contact their bank or credit card provider..
Stakeholder and Customer Advisories
Were there any advisories issued to stakeholders or customers for each incident?
Incident : Data Breach BRI45811122
Customer Advisories: Advised customers to contact their bank or credit card provider and follow their recommended advice.
What advisories does the company provide to stakeholders and customers following an incident?
Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: was Advised customers to contact their bank or credit card provider and follow their recommended advice..
Initial Access Broker
How did the initial access broker gain entry for each incident?
Incident : Data Breach BRI45811122
Entry Point: Gateway between the airline and a payment processor
Additional Questions
Impact of the Incidents
What was the most significant data compromised in an incident?
Most Significant Data Compromised: The most significant data compromised in an incident were Personal Information of Employees, email address, telephone numbers, BA membership numbers, first and last name, booking reference, itinerary, flight number, flight times, seat number, Credit card numbers, Expiry dates, Security codes, Names and Street and email addresses.
What was the most significant system affected in an incident?
Most Significant System Affected: The most significant system affected in an incident were Website, Mobile App.
Data Breach Information
What was the most sensitive data compromised in a breach?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Personal Information of Employees, email address, telephone numbers, BA membership numbers, first and last name, booking reference, itinerary, flight number, flight times, seat number, Credit card numbers, Expiry dates, Security codes, Names and Street and email addresses.
What was the number of records exposed in the most significant breach?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 380.0.
Stakeholder and Customer Advisories
What was the most recent customer advisory issued?
Most Recent Customer Advisory: The most recent customer advisory issued was was an Advised customers to contact their bank or credit card provider and follow their recommended advice.
Initial Access Broker
What was the most recent entry point used by an initial access broker?
Most Recent Entry Point: The most recent entry point used by an initial access broker was an Gateway between the airline and a payment processor.
What Do We Measure?
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
