Quantum Threats and Airlines: The Clock Is Ticking for Your Data

When an airline as large as Iberia admits to a data breach, the immediate reaction is usually: what went wrong? But perhaps the more important question is no longer that, but rather: what will we do to ensure that when quantum computing arrives, we are not exposed irreversibly?

The recent incident that hit Iberia, caused by a compromised third-party provider, exposed names, emails, phone numbers, and frequent flyer numbers of millions of customers. The company assured that no passwords or banking data were compromised, and so far, there’s no evidence of fraud. But looking deeper, the real issue is even more troubling: we’ve built massive digital identity repositories that never expire — and these could be permanently at risk once quantum computers become capable of breaking today’s encryption.

At TecnetOne, here’s why we believe this incident is more than just another leak.

The Real Problem: Information That Never Expires

When thinking about data breaches, we usually picture stolen credit cards. But those expire. They can be replaced or blocked.

What airlines store, on the other hand, doesn’t expire:

1. Travel histories with dates, routes, and frequency
   
   
2. Personal profiles
   
   
3. Consumption preferences
   
   
4. Loyalty program data going back decades
   
   
5. Information tied to aviation security and logistics

If someone accesses these databases, they obtain a full portrait of how you travel, where you go, and how often — even how you spend. Now imagine this data being exfiltrated today and decrypted 10 years from now thanks to quantum computing. That’s the scenario that experts are already preparing for.

"Harvest Now, Decrypt Later": The Silent Quantum Attack

Quantum computers might not be able to break modern encryption yet, but that doesn’t mean attackers are sitting idle.

There’s already a known tactic called Harvest Now, Decrypt Later, which follows this logic:

1. Steal encrypted data today.
   
   
2. Store it safely for years.
   
   
3. Wait until quantum computers can break it.

This makes every data breach today a potential time bomb.

And when we talk about airlines or critical infrastructure, we’re talking about millions of travelers, officials, businesspeople, diplomats — all exposed through their digital footprints.

Read more: Iberia Suffers Data Breach After Vendor Hack: What You Need to Know

Quantum Cybersecurity Is No Longer Optional

Many countries are already transitioning to post-quantum cryptography — algorithms designed to resist quantum attacks. But the reality is bleak:

1. ISACA says 95% of organizations have no quantum roadmap.
   
   
2. Many critical-sector companies haven’t even started risk assessments.
   
   
3. Migrating to post-quantum standards could take years.
   
   
4. Meanwhile, data continues to accumulate and grow in long-term value.

If you haven’t started planning for this, now is the time. Many of today’s secure technologies will be obsolete in the near future.

It’s Not Just Technical: It’s a Leadership Issue

Transitioning to quantum-safe cryptography isn’t just swapping out certs or patching systems. It requires strategic leadership decisions:

1. Which systems need to be migrated first?
   
   
2. What data would be irrecoverable if decrypted in 5–10 years?
   
   
3. Who is in charge of the transition?
   
   
4. How will staff be trained?
   
   
5. Which vendors are already compliant with post-quantum standards?

Until recently, the risk felt too distant. But today, quantum threats have a real timeline. Ignoring them will only make the transition slower, costlier — and possibly too late.

You might also be interested in: Aeroméxico Suffers Alleged Cyberattack: 30 Million Records at Risk

The Strategic Value of Airline Data

Airlines like Iberia are essential operators. They manage:

1. Verified identities
   
   
2. Biometric data
   
   
3. Detailed mobility records
   
   
4. Loyalty and behavioral profiles
   
   
5. High-level logistics information

This makes them prime targets for cybercriminals and nation-state actors.

South Korea, European countries, the U.S., and Japan report increasing attacks on airlines and airports each year.

In Spain alone, attacks on essential operators rose 43% in 2024. And the trend continues.

When a sector manages data this valuable and long-lasting, a breach isn’t just a company issue — it becomes a national security risk.

The Big Question: Are Organizations Ready?

If you work in IT, security, or data management, these are the urgent questions you need to ask:

1. What data do we hold that will still be sensitive in 10–15 years?
   
   
2. Where is it stored?
   
   
3. Which third parties have access?
   
   
4. How dependent are we on legacy systems?
   
   
5. Do we have a post-quantum strategy?
   
   
6. Who will lead the transition?

This is no longer a future problem. It’s a present challenge. And ignoring it only increases the risk.

Conclusion: The Window Is Still Open — But Not For Long

The Iberia case should be a wake-up call: even the most advanced companies can suffer breaches exposing millions of personal records.

But in the quantum era, the question isn’t “what happened?” — it’s “what will we do before it’s too late?”

At TecnetOne, we see it clearly: transitioning to post-quantum cryptography is a technical, strategic, and human challenge.

Those who start now will have a huge advantage over those who wait.

Your data, your clients’ data, your company’s reputation — these must be protected not just today, but 10 years from now.

The quantum threat won’t wait. And the time to act is slipping away.