UN aviation agency investigating possible data breach
The United Nation’s International Civil Aviation Organization (ICAO) confirmed on Monday that it’s “actively investigating reports of a potential information security incident allegedly linked to a threat actor known for targeting international organizations.”
The statement came a few days after 42,000 documents allegedly stolen from the organizations have been offered for sale on a underground forum.
The forum user, who goes by Natohub, claims that the stolen documents contain user data: first and last name, date of birth, gender, marital status, physical address, email addresses, phone number, education and employment information.
As proof, they offered two sample documents, apparently containing the data of ICAO employees (or perspective employees).
The ICAO is a specialized agency of the United Nations with 193 member countries. It develops policies and standards, performs compliance audits, studies and analyses, and provides assistance to member states and stakeholders.
“We take this matter very seriously and have implemented immediate security measures while conducting a comprehensive investigation. Further information will be provided once our preliminary investigation is complete,” the Montreal-based agency added.
UPDATE (January 8, 2025, 09:10 a.m. ET):
“ICAO can now confirm that the reported information security incident involves approximately 42,000 recruitment application data records from April 2016 to July 2024 claimed to be released by the threat actor known as Natohub,” the organization said on Wednesday.
“The compromised data includes recruitment-related information that applicants entered into our system, such as names, email addresses, dates of birth, and employment history. The affected data does not include financial information, passwords, passport details, or any documents uploaded by applicants.”
The incident is limited to the recruitment database and does not affect systems related to aviation safety or security operations, they further noted.
“Our investigation and response efforts continue, and we have implemented additional security measures to protect our systems. We are also working to identify and notify affected individuals.”