Dark Web News Analysis
A threat actor identified as the Everest Ransomware Group has claimed responsibility for a massive breach of Travel Club (operated by Air Miles España, S.A.), Spain’s largest coalition loyalty program. The group has listed a 131 GB database on their dark web leak site.
Brinztech Analysis:
- The Target: Travel Club is a major loyalty platform in Spain with over 6 million members. It aggregates points from partners like Repsol, Eroski, and various airlines, making it a central repository of consumer behavioral data.
- The Attack: This is a Double Extortion ransomware attack. Everest claims to have exfiltrated the data before encrypting the company’s internal systems. The leak was published after the company reportedly failed to meet ransom demands in late November/early December 2025.
- The Data: The 131 GB dump allegedly contains:
  - Customer PII: Full Names, Emails, and Demographic data.
  - Loyalty Data: Account IDs, Point Balances, and Transaction Histories (spending habits at partner stores).
  - Marketing Data: Detailed customer profiles used for cross-promotional analytics.
Key Cybersecurity Insights
This confirmed breach presents a cascading threat to Spanish consumers and the loyalty sector:
- Loyalty Program Fraud: Loyalty points are a “liquid” currency for cybercriminals. With access to Account IDs and point balances, attackers can attempt to hijack accounts to redeem points for gift cards or travel vouchers before the legitimate owner notices.
- Targeted “Smishing” (SMS Phishing): The transaction history is the most dangerous asset here. Attackers can send highly specific phishing SMS messages (e.g., “Your Repsol points from your last fill-up are expiring, click here to redeem”), leveraging real shopping data to build trust.
- Supply Chain Impact: Travel Club connects dozens of major retailers (airlines, supermarkets, gas stations). The breach exposes the “marketing intelligence” of these partners, potentially revealing strategic customer segments to competitors.
- Regulatory Fallout (GDPR): As a Spanish entity, Air Miles España faces strict GDPR scrutiny. The exposure of 6 million user records could lead to massive fines from the AEPD (Spanish Data Protection Agency) if negligence is proven.
Mitigation Strategies
In response to this leak, Travel Club members and partner organizations must take immediate action:
- Mandatory Password Reset: Users must change their Travel Club passwords immediately. If they used the same password for their email or banking apps, those must be rotated as well.
- Monitor Point Balances: Members should log in (via the official app only) to check for unauthorized redemptions. Report any missing points to customer support immediately.
- Phishing Vigilance: Be skeptical of any email or SMS claiming to be from “Travel Club” or “Air Miles” regarding point expiration or “bonus offers.” Do not click links; go directly to travelclub.es.
- Partner Audit: Retail partners (e.g., Eroski, Repsol) should audit their API connections to Travel Club to ensure the attackers cannot pivot from the loyalty platform into their own corporate networks.
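The loyalty program fraud pattern described under Key Cybersecurity Insights (hijacked accounts redeeming points for gift cards or travel vouchers before the owner notices) can also be watched for on the operator side. The following is an added example, not code from the original post or from Travel Club; the event fields, thresholds, and sample records are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample data (not real records); all field names are assumptions.
KNOWN_DEVICES = {"A1": ["dev-a1"], "A2": ["dev-a2"], "A4": ["dev-a4"]}
EVENTS = [
    {"ts": "2025-12-10T08:00:00", "account": "A1", "type": "login", "device": "dev-a1"},
    {"ts": "2025-12-10T08:05:00", "account": "A1", "type": "redeem", "reward": "gift_card", "points": 500, "balance_before": 10000},
    {"ts": "2025-12-10T02:00:00", "account": "A2", "type": "login", "device": "dev-unknown"},
    {"ts": "2025-12-10T02:07:00", "account": "A2", "type": "redeem", "reward": "gift_card", "points": 9500, "balance_before": 10000},
    {"ts": "2025-12-10T10:00:00", "account": "A3", "type": "password_reset"},
    {"ts": "2025-12-10T11:00:00", "account": "A3", "type": "redeem", "reward": "travel_voucher", "points": 1000, "balance_before": 20000},
    {"ts": "2025-12-10T12:00:00", "account": "A4", "type": "login", "device": "dev-a4"},
    {"ts": "2025-12-10T12:10:00", "account": "A4", "type": "redeem", "reward": "partner_discount", "points": 4000, "balance_before": 4200},
]

LIQUID_REWARDS = {"gift_card", "travel_voucher"}  # rewards that are easy to resell
WINDOW = timedelta(hours=24)   # assumed review window after a risky account event
DRAIN_RATIO = 0.8              # assumed threshold: redemption uses >= 80% of balance

def flag_suspicious_redemptions(events, known_devices):
    """Return (account, timestamp, reasons) for liquid-reward redemptions to review."""
    risky_until = {}  # account -> time until which redemptions count as risky
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):  # ISO timestamps sort as text
        ts = datetime.fromisoformat(ev["ts"])
        acct = ev["account"]
        new_device = ev["type"] == "login" and ev["device"] not in known_devices.get(acct, ())
        if ev["type"] == "password_reset" or new_device:
            risky_until[acct] = ts + WINDOW
        elif ev["type"] == "redeem" and ev["reward"] in LIQUID_REWARDS:
            reasons = []
            if ts <= risky_until.get(acct, datetime.min):
                reasons.append("liquid reward soon after new device or password reset")
            if ev["points"] >= DRAIN_RATIO * ev["balance_before"]:
                reasons.append("redemption drains most of the balance")
            if reasons:
                alerts.append((acct, ev["ts"], reasons))
    return alerts

if __name__ == "__main__":
    for alert in flag_suspicious_redemptions(EVENTS, KNOWN_DEVICES):
        print(alert)
```

Flagged redemptions are candidates for a hold or step-up verification rather than proof of fraud; a mass password reset after a breach will itself open the review window for many legitimate members.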
Questions or Feedback? For expert advice, use our ‘Ask an Analyst’ feature. Brinztech does not warrant the validity of external claims. For general inquiries or to report this post, please email us: contact@brinztech.com