UN Aviation Agency ICAO Suffers Data Breach Impacting Nearly 12,000 People

A data breach affecting the U.N. aviation agency, the International Civil Aviation Organization (ICAO), has leaked the personal information of thousands of individuals.

The Montreal, Canada-based special branch of the United Nations manages and regulates air navigation systems globally, sets policies and standards, and oversees compliance, ensuring its 193 member states collaborate in sharing the skies.

The agency recently launched an investigation after a threat actor known as ‘Natohub’ claimed to have exfiltrated 42,000 recruitment records and leaked samples as proof.

“ICAO is actively investigating an information security incident allegedly linked to a threat actor known for targeting international organizations,” the agency stated.

UN aviation agency ICAO confirms data breach

ICAO has confirmed it suffered a data breach that leaked recruitment records from April 2016 to July 2024. The agency says it determined the leaked information belonged to nearly 12,000 unique job applicants.

“After completing careful review of the data, ICAO can now confirm that 11,929 individuals are affected. ICAO is now reaching out to these individuals,” the aviation agency stated.

An ICAO spokesperson said the data leak exposed the victims’ names, dates of birth, email addresses, and employment history.

Natohub also claimed that the victims’ home addresses, genders, marital statuses, and educational backgrounds were exposed, which ICAO has not confirmed.

However, ICAO says the data breach did not expose the victims’ financial information, passports, account credentials, or uploaded documents.

Additionally, the incident did not affect other ICAO systems, suggesting that the data breach was localized to the aviation agency’s recruitment platform.

“We can confirm that this incident is limited to the recruitment database and does not affect any systems related to aviation safety or security operations,” the aviation agency stated.

Additionally, ICAO claims air traffic safety was not compromised as the breached systems are not connected to its security network. Nonetheless, threat actors could use the stolen information to impersonate the aviation agency’s staff to access restricted areas.

Meanwhile, ICAO has launched an investigation to determine the full scope of the data breach. The UN aviation agency also said it implemented additional security measures and was in the process of identifying the impacted individuals to notify them properly of the data breach.

“ICAO takes the privacy and security of personal information extremely seriously. We will provide further updates as our investigation progresses,” ICAO’s spokesperson said.

However, ICAO has not disclosed if the stolen data has been disseminated or shared with other threat actors. The aviation agency has also not indicated that it received any ransom demands. Similarly, details on how the threat actor gained access to the agency’s recruitment database remain undisclosed.

Employee data has become a lucrative target for threat actors due to the extensive personal information it contains. Contact details such as email addresses and phone numbers allow threat actors to target employees and job seekers using compelling phishing lures related to their employment history.

Similarly, recruitment scams, often involving malware distribution and attempts to compromise information systems, have lately become more common. Such attacks usually target IT professionals and help desk staff with access to internal systems and customer data.

Past data breaches at the UN

United Nations organizations are also frequently targeted by various hackers, including state-sponsored threat actors. In April 2024, the United Nations Development Programme (UNDP) launched an investigation into a potential data breach after the 8Base ransomware group claimed responsibility.

In January 2021, the United Nations Environment Programme (UNEP) confirmed a data breach that exposed more than 100,000 employee records.

Similarly, attackers breached UN networks at the Geneva and Vienna offices in July 2019, resulting in “a compromise of core infrastructure components.”