The United Nations’ Worldwide Civil Aviation Group (ICAO) has confirmed {that a} risk actor has stolen roughly 42,000 information after hacking into its recruitment database.
This follows ICAO’s announcement on Monday that it was investigating what it described as a “potential info safety incident.”
Whereas the UN company did not present extra particulars, this got here two days after a risk actor utilizing the “Natohub” deal with leaked an archive of 42,000 paperwork reportedly stolen from ICAO on the BreachForums hacking discussion board.
In response to Natohub’s claims, the allegedly stolen paperwork include names, dates of delivery, addresses, telephone numbers, e mail addresses, and schooling and employment info.
One other risk actor stated the leaked archive accommodates 2GB of information with info on 57,240 distinctive emails.
At the moment, ICAO confirmed the hyperlink in an up to date assertion despatched to BleepingComputer: “The reported information security incident involves approximately 42,000 recruitment application data records from April 2016 to July 2024 claimed to be released by the threat actor known as Natohub.”
The company says the stolen information accommodates recruitment info, however the breach did not impression candidates’ monetary and different delicate information.
“The compromised data includes recruitment-related information that applicants entered into our system, such as names, email addresses, dates of birth, and employment history. The affected data does not include financial information, passwords, passport details, or any documents uploaded by applicants,” ICAO stated.
“We can confirm that this incident is limited to the recruitment database and does not affect any systems related to aviation safety or security operations.”
ICAO added that it carried out extra safety measures to guard its techniques from future assaults, remains to be assessing the incident’s impression, and is working to establish and notify all people affected by this breach.
Menace actors additionally hacked UN networks in Vienna and Geneva in July 2019 utilizing a Sharepoint exploit, getting access to employees information, medical health insurance, and industrial contract information.
Moreover, the United Nations Growth Programme (UNDP) began investigating a cyberattack in April 2024 following a breach claimed by the 8Base ransomware gang, whereas the United Nations Environmental Programme (UNEP) disclosed a knowledge breach in January 2021 after over 100,000 worker information with private info uncovered on-line.
