UN Aviation Agency says hacker stole about 42,000 recruitment applications
The United Nations’ aviation agency has confirmed that it suffered a cyber security incident that affected its recruitment database.
The International Civil Aviation Organisation (ICAO), a specialised agency of the United Nations, coordinates the principles and techniques of international air navigation, and fosters the planning and development of international air transport to ensure safe and orderly growth.
Recently, a threat actor said they infiltrated the internal network of ICAO and listed the agency as a victim on the dark web. According to a post shared on X, the threat actor is yet to publish the stolen data that reportedly includes the personal and professional details of about 42,000 people.
🌐 Alleged Data Leak of the International Civil Aviation Organization (ICAO)
A threat actor on a popular dark web forum claims to have leaked sensitive data from the International Civil Aviation Organization (ICAO). The breach reportedly involves 42,000 documents containing… pic.twitter.com/TnBzfVZw5u
According to reports, the stolen data includes first and last names, dates of birth, gender, marital status, country, address, zip code, phone numbers, primary and secondary emails, education, and employment information.
Acknowledging the claims of the threat actor, ICAO said in a statement shared with the media that it is actively investigating whether it suffered a data security incident.
In an update issued this week, ICAO said that a threat actor using the moniker “Natohub” infiltrated its internal network and stole sensitive information from its recruitment database.
“ICAO can now confirm that the reported information security incident involving approximately 42,000 recruitment application data records from April 2016 to July 2024 claimed to be released by the threat actor known as Natohub,” the aviation agency said.
The compromised data included recruitment-related information that applicants provided to ICAO, including their names, email addresses, dates of birth, and employment history.
The UN agency has, however, confirmed that the affected data does not include financial information, passwords, passport details, or any documents uploaded by applicants. ICAO added that the incident affected the recruitment database and no other systems related to aviation safety or security operations were compromised.
“Our investigation and response efforts continue, and we have implemented additional security measures to protect our systems. We are also working to identify and notify affected individuals.
“ICAO takes the privacy and security of personal information extremely seriously. We will provide further updates as our investigation progresses,” the agency added.
Most Viewed
New rules, rising threats: why lean IT teams must rethink cyber-securitySponsored by CORO CYBER SECURITY
Don’t allow AI experiments to become quiet business risksSponsored by alice.io
The Expert View: Reducing cyber-risk across OT and critical infrastructureSponsored by Claroty
The Expert View: Transforming security through risk intelligenceSponsored by Obrela
Winston House, 3rd Floor, Units 306-309, 2-4 Dollis Park, London, N3 1HF
23-29 Hendon Lane, London, N3 1RT
020 8349 4363
© 2025, Lyonsdown Limited. teiss® is a registered trademark of Lyonsdown Ltd. VAT registration number: 830519543