Cyber Incident Victim: AHS Aviation Handling Services GmbH
Date:
Apr 2022
Location:
Germany
Summary
AHS Aviation Handling Services GmbH experienced a cyberattack compromising administrative IT systems, rendering internal data and documents unusable and forcing email account suspensions. While flight operations and passenger services continued via secure alternative systems like Amadeus check-in and manual staff scheduling, unauthorized access potentially exposed employee, customer, and business partner data. The company notified data protection authorities and affected parties, initiated protective measures including partial IT system lockdowns, and launched an investigation into the breach despite existing security protocols. The incident disrupted backend operations for over a week, mirroring a similar attack on another industry provider earlier that year involving data theft and darknet sales.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 3 motives | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On or around April 17, 2022, AHS Aviation Handling Services GmbH experienced a cyberattack that disrupted its administrative IT systems for over nine days. Internal sources reported contamination of data, documents, and systems, rendering them unusable, with email accounts also blocked. The company confirmed the attack targeted administrative functions but stated flight operations and passenger handling remained unaffected through secure alternative systems like Amadeus for check-in processes and manual staffing coordination. AHS initiated immediate containment measures, including isolating segments of its IT infrastructure and implementing data protection protocols. While operational continuity was maintained, the prolonged recovery period indicated significant system compromise. The attack’s nature suggested potential extortion, though no explicit ransom demands were disclosed in available reports.
The incident potentially compromised business data involving employees, customers, and partners, prompting AHS to notify affected parties and report the breach to data protection authorities. As Germany’s largest ground handler serving over 130 airlines across 11 airports, the breach raised concerns about supply chain vulnerabilities. AHS emphasized its existing high-security measures but acknowledged an ongoing investigation into the attack’s origins. This incident followed a similar February 2022 cyberattack against Swissport, which caused flight cancellations and resulted in stolen data being marketed on darknet platforms. Both events highlighted systemic risks to aviation service providers, though AHS avoided operational disruptions by relying on manual and third-party system redundancies during recovery.