By Allison Lampert
MONTREAL (Reuters) -A U.N. aviation agency information security incident this week involved the alleged release of thousands of recruitment application data records from April 2016 to July 2024, the Montreal-based body told Reuters on Tuesday.
The 42,000 records, which the threat actor known as Natohub claimed to have released, do not affect any systems related to aviation safety or security, the International Civil Aviation Organization said in response to a Reuters query.
“We can confirm that this incident is limited to the recruitment database and does not affect any systems related to aviation safety or security operations,” ICAO said.
Earlier in the day a source told Reuters that the incident was linked to the release of job applicants’ records, with a sample made public.
Montreal-based ICAO said on Monday it was investigating a reported hacker’s claim that the records had been stolen. The investigation is still ongoing and ICAO has implemented additional security measures to protect the agency’s systems, it said.
“We are also working to identify and notify affected individuals,” ICAO said.
ICAO said in the statement that the compromised data includes recruitment-related information entered by job applicants, such as names, email addresses, dates of birth, and employment history.
“The affected data does not include financial information, passwords, passport details, or any documents uploaded by applicants,” ICAO said.
ICAO, which has 193 member states, was targeted in a hack in 2016 and said afterwards that it had made significant improvements to its security.
ICAO uses consensus to set standards on everything from runways to seat belts. The agency was created after the United States invited more than 50 allies to agree in 1944 to a common air navigation system.
(Reporting By Allison Lampert in Montreal; Editing by Sonali Paul)
Comments