A claimed data breach at the International Civil Aviation Organization (ICAO), a UN agency, has been reported.
A hacker, identified as “natohub,” claims to have stolen personal data belonging to approximately 42,000 individuals associated with the organization. This alleged breach raises serious concerns about the security of sensitive information within the global aviation sector and highlights the ongoing threat posed by cybercriminals targeting international bodies.
The Scope of the Alleged UN Civil Aviation Agency Data Breach
Natohub, who is active on a prominent clear-web hacking forum, announced on January 6th, 2025, that they possess a substantial data leak from ICAO. The hacker claims to be selling “42k documents of users’ data,” encompassing a wide range of personal information. The data allegedly includes:
- First Name
- Last Name
- Date of Birth
- Gender
- Marital Status
- Country
- Address
- City
- State
- Zip Code
- Phone Number
- Primary Email Address
- Secondary Email Address
- Education Information
- Employment Information
Further analysis by another forum member who purportedly purchased the data revealed a larger scale than initially claimed. The leak allegedly contains 57,240 unique email addresses, with the majority belonging to the .com domain.
A significant number of .gov.xx emails (1,661) were also reportedly included, with 148 belonging to the Australian .au domain. This suggests a broad reach across numerous countries and government agencies.
The documents shared as samples by natohub appear to be ICAO employment forms. These forms contain all the data points listed above, along with emergency contact details and a questionnaire covering nationality, travel willingness, and any past criminal convictions or proceedings. The data is being sold for a relatively low price, a few euros.
ICAO’s Response to the Potential UN Civil Aviation Agency Data Breach
The ICAO has acknowledged the hacker’s claims and launched a comprehensive investigation.
An ICAO spokesperson stated, “ICAO is actively investigating reports of a potential information security incident allegedly linked to a threat actor known for targeting international organizations. We take this matter very seriously and have implemented immediate security measures while conducting a comprehensive investigation. Further information will be provided once our preliminary investigation is complete.”
This is not the first time ICAO has faced a cyberattack. In 2016, a Chinese-backed hacking group compromised two of ICAO’s servers, using them to spread malware. At the time, ICAO faced criticism for its alleged attempt to cover up the incident and for inadequate post-incident remediation. The current situation underscores the need for robust cybersecurity measures and transparent incident response protocols within international organizations.
The Implications of the Alleged UN Civil Aviation Agency Data Breach
The potential breach of such a large amount of sensitive personal data from a UN agency highlights the vulnerability of international organizations to sophisticated cyberattacks.
The implications are far-reaching, potentially impacting individuals’ privacy, security, and even national security. The fact that natohub has previously targeted the US Department of Defence, the USMC, and the United Nations itself raises concerns about a potential larger, coordinated campaign.
The relatively low cost of the data also highlights the ease with which this type of information can be obtained and disseminated. The ongoing investigation by ICAO is crucial to understanding the full extent of the breach and to implementing preventative measures to avoid similar incidents in the future. The Australian government’s involvement with ICAO, given its “Chief Importance” status, adds another layer of complexity to this incident.