Cyber Incident Victim: SunExpress
Date: Jan 2024
Location: Turkey
Summary
A cyberattack targeting an external IT service provider compromised approximately 250,000 customer email addresses associated with Sun Express, stemming from unauthorized access to a third-party system responsible for managing the airline's newsletter distribution. The breach did not affect the airline's internal IT infrastructure, and no other personal data was exposed, as the contractor solely processed email addresses. The company proactively notified impacted customers and cautioned against phishing attempts impersonating the airline, confirming instances of fraudulent emails circulating post-incident.
Description
The Sun Express airline experienced a cybersecurity incident stemming from an attack on an external IT service provider responsible for distributing the airline's newsletters. This breach, disclosed in early 2024, compromised approximately 596,000 email addresses, including 250,000 belonging to Sun Express customers. The attack did not directly target Sun Express's internal infrastructure, as confirmed by an airline spokesperson who emphasized that the company's own IT systems remained unaffected throughout the incident. The compromised third-party vendor processed only customer email addresses for newsletter operations and did not store or handle other personal data such as names, payment information, or travel details. Following discovery of the breach, Sun Express proactively notified affected customers about the unauthorized access to their email addresses and warned them about potential phishing attempts.

After the breach, malicious actors began sending phishing emails impersonating Sun Express, attempting to exploit the compromised email addresses. The airline explicitly cautioned customers to avoid clicking links in suspicious messages and to delete such emails immediately. While confirming that these phishing emails were circulating, Sun Express reiterated that the stolen data was limited exclusively to email addresses, with no additional personal information exposed through the service provider. The company publicly acknowledged the inconvenience caused to customers but maintained that its operational systems and broader customer databases remained secure. No further technical details about the attack vector, timeline of detection, or identity of the threat actors were disclosed in available reports.
