Cyber Incident Victim: AerCap Holdings N.V.

On January 17, 2024, AerCap Holdings N.V., a Dublin-based aircraft leasing company, experienced a cybersecurity incident involving ransomware. The company promptly initiated an investigation with assistance from third-party cybersecurity experts and notified law enforcement authorities. AerCap confirmed it maintained full control over all IT systems throughout the incident and stated no financial losses had occurred as of the reporting date. The company's SEC Form 6-K filing emphasized that the investigation remained ongoing, particularly regarding whether data exfiltration or other data compromises had occurred. AerCap incorporated this disclosure into multiple active registration statements (Forms F-3 and S-8), reflecting regulatory compliance requirements for material event reporting. No operational disruptions or system functionality impairments were reported in the filing.

A German industry news article published on January 23, 2024, provided additional context, noting that an unidentified group had claimed responsibility for the attack and alleged exfiltration of 1 terabyte of data from AerCap's servers. AerCap's public statement acknowledged the theoretical possibility of data compromise but did not confirm the threat actor's claims. The article referenced Eurocontrol's EATM-CERT reporting system data, which documented an average of 2.5 cybersecurity incident reports weekly from European aviation entities, with ransomware being a prevalent attack vector. Eurocontrol's 2023 analysis highlighted a trend of cybercriminals targeting high-revenue organizations capable of paying substantial ransoms, sometimes demanding up to 5% of annual revenue, though no specific ransom demands or payments were disclosed in AerCap's case. The company maintained its investigation into the incident's severity and potential data impacts without providing additional technical details about attack vectors, compromised systems, or remediation timelines.