UN Aviation Agency Confirms Breach Of Database, 42,000 Records Exposed

The International Civil Aviation Organization (ICAO) has confirmed a security breach of its recruitment database, following claims by a hacker known as “Natohub.” The hacker allegedly accessed and released 42,000 recruitment application records.

According to ICAO, the compromised data includes job applicants’ personal information spanning from April 2016 to July 2024. The Register reports that the breach was first reported by an individual using the Natohub alias on a popular cybercrime forum over the weekend, which led ICAO to launch an investigation into the incident.

Natohub stated that the data, available for a small fee, contains various personal details, including full names, birthdates, home addresses, phone numbers, email addresses, marital status, gender, education, and employment history.

The Record notes that Natohub, registered just six months ago, previously claimed to access personal data of 14,000 UN delegates last month. However, ICAO assured that no financial details, passwords, passport information, or documents uploaded by applicants were affected.

TechCrunch reported that by Tuesday, the agency acknowledged the validity of the claims. In its official statement, ICAO clarified that the breach was limited to the recruitment database and emphasized that no other systems were impacted. ICAO has begun identifying those affected and is working to notify the individuals whose data was compromised.

This breach comes amid growing concerns over cyber threats targeting the aerospace and defense sectors. A recent campaign known as “Iranian Dream Job” has raised alarms, particularly in the context of phishing and malware attacks.

Experts urge organizations in the aerospace, aviation, and defense sectors to remain vigilant. Educating employees on phishing risks, implementing robust security protocols, and staying updated on emerging threats are critical steps to safeguarding against these deceptive cyber-attacks.