KLM & Flying Blue Data Allegedly for Sale
Overview On 6 August 2025, cyber threat intelligence sources detected a hacker forum post advertising the sale of customer data allegedly sourced from KLM Royal Dutch Airlines and its Flying Blue loyalty program. The dataset reportedly contains 350 records in CSV format, traced to systems linked with klm.com and flyingblue.com, and is offered for $10,000. […]
LAX Data Scandal: Personal and Flight Details Allegedly Up for Grabs on the Dark Web
Overview On July 31st 2025, a threat actor on a dark web forum claimed to be selling a database allegedly sourced from Los Angeles International Airport (LAX). The database reportedly contains 1 million rows of personal and flight-related information, including names, email addresses, flight codes, and company affiliations. While the authenticity of the data remains […]
TAP Air Portugal Targeted in Alleged Data Leak
Overview In early April 2025, a dark web post surfaced offering a 1GB dataset allegedly stolen from TAP Air Portugal, reportedly containing over 6.2 million records from 2023. Sample data indicates the presence of personally identifiable information (PII) such as names, emails, phone numbers, and potentially other sensitive customer or employee details. The breach remains […]
Aeroflot Hit by Year-Long Cyberattack
Overview On 28 July 2025, Russian flag carrier Aeroflot confirmed a massive IT outage initially reported as an “information-system failure.” Subsequent disclosures from pro-Ukraine hacktivist groups Silent Crow and Cyber Partisans BY revealed a year-long clandestine cyberattack that culminated in the complete destruction of Aeroflot’s internal IT infrastructure. The attackers claim they gained access via […]
Hackers Trick Hawaiian Airlines – FBI on the Case
Overview Between 23–27 June 2025, Hawaiian Airlines reported a cybersecurity incident now attributed to Scattered Spider, a sophisticated threat group known for social engineering, MFA bypass, and extortion-driven data theft. The U.S. Federal Bureau of Investigation (FBI) is investigating the event, which allegedly affected the airline’s IT systems. While flight operations were not disrupted, the […]
Data Breach of Civil Aviation Authority of Papua New Guinea
Overview On 30 May 2025, a threat actor claimed to have exploited a SQL injection vulnerability in the Civil Aviation Authority of Papua New Guinea (CAAPNG) system. Evidence shared on dark web forums suggested unauthorized access to aviation-related data, with the attacker openly seeking collaborators to further exploit the breach. Though this event targets a […]
Alleged Airport Code Database Leak on Dark Web
Overview On 22 June 2025, cyber threat researchers identified a claim by a group calling itself “Weewoo” that they had successfully exfiltrated and leaked data from airportcodes.aero — a public-facing site that aggregates IATA and ICAO airport code information. The attackers shared the announcement on a dark web forum and linked Telegram channel, stating that […]
Admin Access to Aviation Maintenance Firm Offered for Sale on Dark Web Targeted Exposure of Critical Aviation Infrastructure
Overview On 21 June 2025, our cyber threat monitoring team has flagged a dark web post advertising unauthorized admin access to a company operating in the aviation maintenance and rotorcraft services space. The seller is actively soliciting buyers via Telegram and private messaging, consistent with common black-market tactics used for brokering privileged access. This event […]
Aerodreams Compromised by Handala Ransomware Group
Overview On 14 June 2025, the ransomware group Handala publicly claimed responsibility for a major breach of Aerodreams, an aviation company reportedly linked to drone programs, elite pilot training, and covert logistics. The attackers claim to have exfiltrated 400 gigabytes of internal data, which they suggest may soon be leaked. The incident highlights the increasing […]
Ransomware attack on Business Aviation Operator
In early June 2025, a European business aviation provider was named by the Qilin ransomware group on a dark web leak site.
