Cyber Incident Victim: Spirit Airlines
Date: Mar 2021
Location: United States of America
Summary
Spirit Airlines experienced a ransomware attack by the Nefilim group, resulting in the theft and unauthorized publication of sensitive data. Over 40GB of compromised information, encompassing more than 33,000 files and including financial records and personal customer details from ticket purchases, was leaked online.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |

| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
In early March 2021, the Nefilim ransomware group publicly disclosed a data breach involving Spirit Airlines by publishing stolen information on the dark web. The incident came to light on March 5 when cybersecurity reports detailed the unauthorized release of sensitive airline data. Initial disclosures indicated the threat actors exfiltrated and released over 40 gigabytes of company information containing approximately 33,000 individual files. The compromised records included financial data and personal customer information related to ticket purchases spanning a 15-year period from 2006 through 2021. The ransomware group executed a double-extortion attack by first stealing data before threatening its public release unless payment demands were met. No details emerged regarding encryption of Spirit Airlines' operational systems or specific ransom negotiations between the parties.

The breach exposed highly sensitive customer information that could enable identity theft and financial fraud. Affected data encompassed personal identifiers and payment details associated with flight bookings over nearly two decades. While the exact number of impacted individuals remained unspecified, the volume of files suggested widespread customer exposure. The publication timeline indicated Nefilim released data in staged increments, with the initial March 5 disclosure representing only a portion of the stolen material. No public statements from Spirit Airlines regarding incident response measures, forensic investigations, or customer notifications appeared in the available reporting. The incident highlighted risks to aviation sector data security given the long retention period of sensitive passenger records involved in the compromise.
