Cyber Incident Victim: Airlink International UAE

Date: May 2020

Location: United Arab Emirates

Summary

Airlink International UAE experienced a significant data breach when sensitive company information was exposed via a misconfigured server, leading to unauthorized access and distribution across multiple dark web forums. The leaked data, comprising approximately 300,000 files across 60 directories, included accommodation reservations, airline tickets, and logistics service details affecting customers in Africa, Asia, and Europe. Threat actors initially shared the data freely, with subsequent redistribution attempts by other malicious actors aiming to gain notoriety. The exposure posed serious risks, enabling potential malicious exploitation of the compromised personal and operational information.

Description

On May 30, 2020, cybersecurity researchers from Cyble identified a data leak involving Airlink International UAE, a travel and logistics firm with over 200 employees and approximately $250 million in annual revenue. The breach originated from a misconfigured server containing 60 directories, each holding roughly 5,000 files. A threat actor collective known as KelvinSecTeam initially published the data freely on dark web forums that day. Cyble detected the exposure during routine monitoring activities, noting the dataset’s availability could enable malicious actors to launch targeted attacks against affected organizations. The leaked information encompassed 14 folders and 53,555 files documenting the company’s global operations.

The compromised records included accommodation reservations, airline tickets, and logistics service details spanning customers across Africa, Asia, and Europe. Following the initial leak, a separate threat actor redistributed the same dataset across additional dark web platforms in an apparent effort to gain recognition within cybercriminal communities. No evidence suggested data theft via sophisticated intrusion methods; the exposure stemmed solely from the server misconfiguration. The incident exposed sensitive client transactions and operational documents but did not include explicit details about Airlink’s internal systems or cybersecurity defenses. Cyble’s analysis confirmed the data’s authenticity through sample verification but did not report any containment measures or responses from Airlink International UAE following the disclosure. The persistent availability of these records on underground forums heightened risks of fraud, phishing campaigns, and identity theft targeting the company’s international client base.
