
Cyber Incident Victim: Accelya

Date: Aug 2022

Location: India

Summary

A major airline technology provider serving over 250 carriers globally experienced a ransomware attack by the AlphV/Black Cat group, which claimed to have stolen emails, worker contracts, and other data before publishing it on its leak site. The company contained the malware to a limited portion of its environment, preventing lateral movement to customer systems, and engaged forensic experts to investigate the breach. As the company reviewed the leaked data to identify potentially exposed customer information, the incident highlighted the airline sector's vulnerability to ransomware threats, with AlphV/Black Cat (linked to earlier groups like BlackMatter and DarkSide) remaining highly active across multiple industries.


Description

On or around August 11, 2022, the AlphV/Black Cat ransomware group executed an attack against Accelya, a global technology provider serving over 250 airlines across nine countries, including major carriers such as Delta, British Airways, and United. The attackers exfiltrated company data—including emails, worker contracts, and unspecified additional information—and published it on their leak site on August 11. Accelya confirmed the incident on August 16 after two cybersecurity firms it engaged discovered the data dump. Forensic investigators determined the ransomware was confined to a limited segment of Accelya’s infrastructure, with no evidence of lateral movement into customer environments. The company stated it successfully quarantined the malware before broader propagation occurred.


Accelya initiated a review of the leaked data to identify compromised customer information and committed to notifying affected parties. The incident occurred amid heightened targeting of the aviation sector in 2022, including May ransomware attacks against India’s SpiceJet and a Canadian fighter jet supplier. AlphV/Black Cat, identified by the FBI as responsible for at least 60 ransomware incidents by March 2022, has been linked to prior groups BlackMatter and DarkSide—the latter notorious for the Colonial Pipeline attack. The group concurrently targeted entities including the city government of Alexandria, Louisiana, energy companies in Luxembourg, and Bandai Namco in July 2022. Accelya’s operational platforms for airline retailing, cargo, and analytics remained functional during the containment effort, with no reported service disruptions to clients.
