RansomHub group claims major data theft at Mexican airports operator OMA

News29 Oct 2024

Mexican airports operator Grupo Aeroportuario del Centro Norte said it experienced a data security incident that forced it to take several systems offline and rely on backup systems.

In a recent press release, Grupo Aeroportuario del Centro Norte (commonly known as OMA), responsible for operating and managing 13 international airports in Mexico, said that it has identified a data security incident that involved unauthorised threat actors infiltrating its internal network.

The company says it has launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident.

“The OMA IT team, in collaboration with external cybersecurity experts, is actively investigating the incident to determine its scope and ensure the protection of the integrity, confidentiality and availability of our systems.

“Our operations are working through alternative and backup systems. To date, no adverse material effect has been presented in the operations, results or financial position of the company, which will be evaluated continuously until the situation has been completely resolved,” reads the press release.

Recently, the RansomHub ransomware group claimed responsibility for the cyber attack on OMA and listed it as a victim on its data leak site. The group claims to be in possession of 3 terabytes of data allegedly stolen from the company.

🚨Cyberattack Alert ‼️

🇲🇽Mexico - Grupo Aeroportuario del Centro Norte (OMA)

RansomHub ransomware group claims responsibility for the attack on Grupo Aeroportuario del Centro Norte (OMA).

Allegedly, exfiltrated data includes investment reports, financial documents, sales and… https://t.co/NcVCgJBO8C pic.twitter.com/gL0WP6sb5H
— HackManac (@H4ckManac) October 24, 2024

The stolen data includes investment reports, financial documents, sales and accounting data, shareholder information, personal information of investors, client lists, assessments, agreements, and personal data of employees and customers including their addresses, contacts, passport scans, confidential internal correspondence, passwords, credentials, and SQL databases.

The ransomware group also said that it has evidence of some employees collaborating with cartels. It has given OMA till November 3 to pay a ransom, failing which it has threatened to leak the stolen data.

Please take 30 seconds to register

Register Now

Already have an account? Sign in

RansomHub group claims major data theft at Mexican airports operator OMA

Please take 30 seconds to register

Deblina Jay

More from this author

RCI Internet Services says March data breach affected over 40,000 people

Mid and South Essex NHS Trust impacted by 2024 ransomware attack on Synnovis

Plaza Home Mortgage says February data breach affected over 135,000 customers

Related Articles

When ransomware strikes

The reality of resilience to ransomware

How long till we are back online?

Navigating the UK’s ransomware payment ban

Most Viewed

New rules, rising threats: why lean IT teams must rethink cyber-securitySponsored by CORO CYBER SECURITY

Don’t allow AI experiments to become quiet business risksSponsored by alice.io

The Expert View: Reducing cyber-risk across OT and critical infrastructureSponsored by Claroty

Ransomware attack on Extant Aerospace exposed sensitive personal data

AI-related data breaches surging, Verizon report says

The Expert View: Transforming security through risk intelligenceSponsored by Obrela

How generative, agentic and predictive systems are reshaping cyber-risk

OpenAI gives European companies access to its latest models to bolster resilience

Anthropic to brief global financial watchdog on cyber flaws exposed by Mythos, FT reports

Japan's bank regulator sets up forum to counter Mythos-powered cyber threats

Winston House, 3rd Floor, Units 306-309, 2-4 Dollis Park, London, N3 1HF

23-29 Hendon Lane, London, N3 1RT

020 8349 4363

info@teiss.co.uk