Air Miles España (Travel Club) Breach Claim — 23,177,370 ...
Unverified dark web claim. This report is based on a post observed on a dark web forum. Yazoul Security has not independently verified the authenticity of this claim.
Leak Site Screenshot
Screenshot captured at time of discovery. Sensitive data has been redacted.
Claim Summary
An unverified post on a dark web forum alleges a significant data breach affecting Air Miles España, the operator of the Travel Club loyalty platform in Spain. The post, authored by a user named “thelastwhitehat,” claims to be sharing a customer database containing over 23 million records. According to the post, the data was originally exfiltrated by the Everest ransomware group in December 2025 after the company purportedly failed to respond to the group’s demands. The forum user claims to be providing a curated dataset of customer information, which is said to be a subset of a larger 131 GB internal data theft. The post includes a file hash and specific size details for the alleged data dump.
What Is Allegedly Exposed
The threat actor claims the leaked database contains approximately 23,177,370 records, which reportedly include over 3.1 million unique email addresses. The types of personal information purportedly exposed are:
- Full names
- Email addresses
- Dates of birth
- Genders
- Demographic information
- Customer activity and marketing preference data
The post specifies that the shared file is compressed and provides an MD5 hash (30F7B8F727F194FAE117936205427B9E) for verification. It claims the uncompressed data totals roughly 9.41 GB. No sample data or proof-of-exploit was provided in the visible portion of the post.
Threat Actor Profile
The post credits the initial breach to the “Everest” ransomware group, a known cybercriminal operation. However, the forum poster, “thelastwhitehat,” is the immediate source of this claimed leak. The specific file hash and size figures could suggest some level of technical detail, but the author’s username and lack of a known reputation on these forums are red flags. The post was also edited multiple times by an automated forum tool, which is a common forum feature and does not validate the claims. The naming of a known group like Everest lends some contextual plausibility, but the group’s alleged participation remains unconfirmed.
Potential Impact
If the claims are true, the exposure of this volume of personal data could have serious consequences. The combination of names, dates of birth, and email addresses is a potent dataset for follow-on phishing attacks, identity theft, and credential stuffing campaigns against customers. The inclusion of demographic and activity data could also enable highly targeted social engineering scams. For the organization, such a breach would represent a major incident, potentially triggering regulatory scrutiny under laws like the GDPR in Spain and causing significant reputational damage to the Travel Club brand.
What to Watch For
- Official Statement: Monitor for any official breach notification or statement from Air Miles España or Travel Club regarding the alleged December 2025 incident.
- Data Validation: Watch for other threat actors or researchers who may analyze the hashed file to confirm its contents and legitimacy. The provided MD5 hash allows for technical verification if the file appears elsewhere.
- Actor Communication: Note if the Everest group claims responsibility on their dedicated leak site, which would add credibility to the initial breach narrative.
- Data Usage: Be alert for signs of the allegedly exposed data being used in phishing campaigns or sold on other criminal marketplaces, which would indicate the data is in active circulation.
Disclaimer
This report details an unverified claim from a dark web forum. The alleged data breach, its scale, and the involvement of specific threat actors have NOT been independently confirmed by Yazoul Security or external researchers. The details presented are based solely on the assertions of a forum poster. Organizations and individuals should treat this as potential threat intelligence, not a confirmed event, and await official communication from the implicated company. The provided file hash should be used for defensive indicator sharing only, not to download or access the potentially illicit data.