The International Civil Aviation Organization (ICAO) has confirmed that a recent data breach exposed the personal information of 11,929 individuals, following a detailed investigation of compromised recruitment records.
The breach, first disclosed last week, involved approximately 42,000 recruitment application records dating from April 2016 to July 2024. A threat actor known as Natohub claimed responsibility and attempted to sell the stolen documents on a hacking forum for a nominal fee.
The compromised records included sensitive personal details from recruitment forms, such as names, addresses, marital status, contact information, and emergency contact data. According to forum discussions, the leaked dataset contained over 57,000 unique email addresses, including 1,661 government email accounts and 148 Australian domain addresses.
ICAO, headquartered in Montreal with 193 member nations, has established a dedicated support channel for affected individuals who can contact the organization at mydata@icao.int.
This marks the second major cybersecurity incident for ICAO in recent years. In 2016, the organization faced criticism for its handling of a breach where Chinese-backed hackers compromised servers and distributed malware to member states.
The organization continues to investigate the current incident while reaching out to impacted individuals. The full scope and potential implications of the stolen data remain under review by ICAO security teams.