Cyber Incident Victim: International Civil Aviation Organization

The International Civil Aviation Organization (ICAO) confirmed a cybersecurity incident involving unauthorized access to its recruitment application database, following reports of a potential breach linked to a threat actor targeting international organizations. The incident, publicly addressed by ICAO on December 1, 2024, and updated on January 7, 2025, compromised approximately 42,000 records containing applicant data submitted between April 2016 and July 2024. Threat actor Natohub claimed responsibility for releasing the data, which included names, email addresses, dates of birth, and employment history provided by job applicants during the recruitment process. ICAO clarified that the breach did not expose financial information, passwords, passport details, or documents uploaded by applicants. The organization confirmed the incident was isolated to its recruitment systems and did not affect operational systems related to aviation safety or security.

ICAO initiated an immediate investigation upon detecting the incident and implemented additional security measures to protect its infrastructure. The organization emphasized that no aviation safety-critical systems were compromised during the breach. Response efforts included forensic analysis to determine the intrusion's scope and origin, along with preparations to notify affected individuals whose personal information was exposed. ICAO reiterated its commitment to data privacy and security while continuing to investigate the full extent of the compromise. The organization maintained operational continuity throughout the incident and pledged to provide further updates as the investigation progressed. Media inquiries regarding the breach were directed to ICAO's dedicated communications channel at [email protected].