International Civil Aviation Organization Investigating Security Incident

share
Header image

International Civil Aviation Organization Investigating Security Incident

share

Around 42,000 recruitment application data records potentially compromised.

The United Nations' civil aviation agency is investigating reports of a "potential information security incident."

The International Civil Aviation Organization (ICAO) said in a statement that it was “actively investigating reports of a potential information security incident” that is allegedly linked to a threat actor known for targeting international organisations.

It confirmed that the incident involved approximately 42,000 recruitment application data records from April 2016 to July 2024. The compromised data includes recruitment-related information that applicants entered into its system, such as names, email addresses, dates of birth, and employment history.

“The affected data does not include financial information, passwords, passport details, or any documents uploaded by applicants,” it stated. It also confirmed that the incident is limited to the recruitment database, and does not affect any systems related to aviation safety or security operations. 

It said: “Our investigation and response efforts continue, and we have implemented additional security measures to protect our systems. We are also working to identify and notify affected individuals.”

In an email to Reuters, ICAO confirmed to Reuters that the investigation was related to a claim reportedly made on a hacker forum on 6th January, but could not provide additional details about the incident or confirm specific claims about the data potentially involved.


Written by
Dan Raywood
Dan Raywood

Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.

He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.

Cyber Crime Published: 9 January Written by
Dan Raywood
Dan Raywood

Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.

He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.

Upcoming Events

No events found.

Related content

Cyber incident involving rerouted payment drains Zephyr of £700K

Cyber incident involving rerouted payment drains Zephyr of £700K

 Hijacked NHS Scotland domains push adult content

Hijacked NHS Scotland domains push adult content

 UK cybercrime significantly outpaces police staffing growth

UK cybercrime significantly outpaces police staffing growth
Fraud losses top £629M as UK ramps up enforcement

Fraud losses top £629M as UK ramps up enforcement

 Youth cybercrime radicalization driven by online platforms, NCA leader says

Youth cybercrime radicalization driven by online platforms, NCA leader says

 Global cybercrime clampdown disrupts over 45K illicit IP addresses

Global cybercrime clampdown disrupts over 45K illicit IP addresses
Report: UK cyberattacks grow faster than global rate

Report: UK cyberattacks grow faster than global rate