The Everest ransomware group has claimed responsibility for breaching two major organizations in the aviation and financial sectors. The group, known for its double-extortion tactics, has listed these entities on its leak site and is threatening to release sensitive internal data.
This activity follows the group’s high-profile involvement in the Collins Aerospace breach last month. For context on the group’s operations and motives, you can read our previous coverage here: Exclusive: Everest Ransomware Group Interview on Collins Aerospace Breach
The latest list of alleged victims posted by the group includes:
-
Iberia Airlines (🇪🇸): The flag carrier airline of Spain. The threat actors claim to have exfiltrated 596 GB of internal company data, demanding a price of $6 million to prevent the leak.
-
National Money Mart Company (🇺🇸 🇨🇦): A financial services company providing check cashing and payday loans, primarily operating in the USA and Canada. The group claims to have accessed over 80,000 files from the company’s internal database.
According to the actor, the allegedly compromised data includes:
Iberia Airlines:
-
Passenger full names and dates of birth
-
Email addresses and phone numbers
-
Emergency contact information
-
Frequent flyer program details
-
Ticket numbers and booking structures
-
Special needs and preferences (meal requests, seat selection)
-
Internal booking and transaction logs

National Money Mart Company:
-
Full names and physical addresses
-
Dates of birth
-
Social Security Numbers (SSI) and Driver’s License numbers
-
Credit card account numbers and limits
-
Financial transaction logs and purchase orders
-
Employee names, email addresses, and employment history
-
Internal administrative codes and system profile data












