The International Civil Aviation Organization (ICAO), the United Nations agency responsible for setting global civil aviation standards, has launched an urgent investigation into a potential cybersecurity breach. The probe follows claims from a threat actor who alleges to have stolen thousands of sensitive documents from the organization’s servers.
UN Agency Investigates Security Failure
In an official statement released Monday, ICAO confirmed it is actively reviewing reports of a security incident. The agency noted that the breach is linked to a known threat actor specialized in targeting international institutions.
The investigation was triggered after an individual posted on a prominent hacking forum on January 5, asserting that they had successfully exfiltrated 42,000 internal documents from ICAO systems. The claim suggests that the compromised data includes highly sensitive personal information.
Extent of the Data Exposure
Preliminary analysis of the leaked sample confirms the severity of the incident. The exposed data reportedly contains:
- Full legal names
- Dates of birth
- Residential and email addresses
- Personal phone numbers
- Detailed education and employment histories
Evidence indicates that the stolen records encompass information concerning ICAO employees, raising significant privacy and security concerns for the organization’s staff. While the agency has acknowledged the investigation, ICAO representatives have declined to provide further details regarding the scope of the attack or the specific vulnerabilities exploited by the hackers.