What Happened
On November 25, 2025, the Everest ransomware group breached Air Miles España, the operator of Spain’s Travel Club loyalty platform (travelclub.es), exfiltrating 131GB of data containing millions of customer records including names, email addresses, account IDs, demographics, activity data, and marketing information. The attack followed Everest’s double extortion model, where attackers encrypted internal systems and demanded ransom before threatening to publicly release the stolen data. Travel Club serves over six million customers across Spain through partnerships with major brands like Repsol, Eroski, and Iberia, making the breach significant for both consumers and business partners. After the ransom deadline expired, Everest published the leaked data on December 9, 2025, exposing customers to risks of phishing attacks, identity theft, and social engineering.
