The Spanish loyalty platform Travel Club is facing a reported ransomware incident attributed to the ransomware group Everest. The platform is operated by Air Miles España and is widely used across the country as a points program connected to major retailers and travel partners. According to information published by the attackers, the incident involves the claimed theft of 131GB of data that contains millions of customer records. The data presented in the leak announcement includes names, email addresses, account identifiers, demographic details and information tied to loyalty program activity. Everest stated that it is seeking payment from the company and set a countdown for a response.
Researchers who reviewed the attackers’ posts said the evidence included a screenshot of a CSV file that lists full names and email addresses. Although this does not confirm the full extent of the breach, the sample is consistent with the type of data typically stored by loyalty platforms with large customer bases. Travel Club has more than six million members in Spain and collaborates with brands such as Repsol, Eroski and Iberia. These partnerships allow customers to earn points through purchases across different sectors. The scale of these relationships means that a breach could affect not only end users but also corporate partners that rely on shared marketing and analytics services.
Ransom claim and group tactics
The Everest group is known for what analysts describe as a double extortion approach. In this model, attackers extract data before attempting to disrupt systems through encryption. They then pressure victims by threatening to publish the stolen information if payment is not made. This tactic increases the chance of reputational harm because affected organisations face both operational damage and the risk of sensitive data being released. The group has been active since at least 2021 and has been linked to previous incidents involving companies in telecommunications, apparel retail and enterprise services.
In the Travel Club case, Everest claimed that the exfiltrated data included millions of customer entries. If accurate, this would represent a significant trove of personal information that could be misused in targeted phishing campaigns or credential-harvesting schemes. Large loyalty platforms are frequent targets because they maintain detailed records of customer behaviour, contact information and transactional activity. This combination of data types can be profitable for attackers and can also support further fraud attempts against individuals.
Air Miles España did not issue a formal statement regarding the incident at the time of reporting. The lack of confirmation leaves open questions about the operational impact on the platform and whether any internal systems were encrypted. The available information primarily comes from the attackers’ claims and from security researchers who reviewed the material that Everest posted online.
Potential consequences for customers and partners
Security analysts said the breach is likely to draw scrutiny under European data protection rules if the exposure is verified. Loyalty program data often qualifies as personal information, which means breaches can trigger notification requirements and potential regulatory action. Customer trust could be affected if individuals become targets of unsolicited messages or phishing attempts that reference accurate personal information taken from the dataset.
Partner companies may also face indirect consequences. Retailers and travel providers that participate in Travel Club campaigns often integrate customer interactions with their own marketing systems. If customer data linked to those programs were leaked, it could force partners to reassess how they manage promotional data and whether they need to notify their own users about possible risks.
Researchers said that customers should be alert to unexpected contact claiming to originate from Travel Club or related partners. Messages requesting account verification, password resets or payment information should be treated with caution. Individuals can reduce the likelihood of fraud by avoiding links sent through unsolicited messages and by confirming account activity directly on the official site.
The situation remains fluid, and the extent of the breach will become clearer if Air Miles España provides an update or if the attackers publish more data. For now, the claims by Everest highlight the continuing risk faced by loyalty program operators that maintain large datasets and serve broad retail networks.