UN Aviation Agency Data Breach: Thousands of Records Accessed

ICAO Confirms Data Breach Affecting Recruitment Records

The United Nations' specialized agency for aviation has acknowledged a security incident resulting in unauthorized access to a significant number of records.

A hacker, operating under the pseudonym “Natohub,” asserted responsibility for obtaining 42,000 documents from the International Civil Aviation Organization (ICAO) over the past weekend.

Investigation and Confirmation

ICAO initiated an investigation into the reported breach on Monday. An updated statement provided to TechCrunch on Tuesday confirmed the validity of Natohub’s claims regarding the data access.

The agency stated that the incident involved approximately 42,000 records pertaining to recruitment applications submitted between April 2016 and July 2024, which the threat actor, Natohub, has allegedly released.

Details of Compromised Data

The data accessed included personal information submitted by job applicants. This encompassed names, email addresses, dates of birth, and details of their employment history.

Importantly, ICAO clarified that the breach did not extend to sensitive financial data. Passwords, passport details, and any documents uploaded by applicants were not compromised.

Scope and Response to the Breach

ICAO has characterized the breach as being confined to the recruitment database. Efforts are currently underway to pinpoint and inform all individuals whose data may have been affected.

The organization is actively working to mitigate the impact of this incident and enhance the security of its systems.