GlobalX Airlines used for deportation flights breached by hacktivists
Take action: One more reminder to protect your access tokens and NEVER to store API Keys in any source codes. Because you will be hacked.
Learn More
GlobalX Airlines, a US government-contracted charter airline involved in deportation flights, was hit by a cybersecurity incident orchestrated by hacktivists claiming affiliation with Anonymous.
The attackers gained unauthorized access to sensitive information, including flight records and passenger manifests, and defaced the airline's official website with a politically charged message expressing opposition to the company's role in controversial deportation processes.
According to the anonymous hacker, the breach was facilitated by the discovery of a GlobalX developer's token, which allowed them to uncover access and secret keys for the airline's Amazon Web Services (AWS) cloud storage buckets, effectively granting them unauthorized entry into the company's digital infrastructure.
The hackers gained access to and leaked the following sensitive information:
- Flight records
- Passenger manifests
- Comprehensive passenger lists
- Itinerary details
- Flight logs
The leaked data is sorted into folders dated from January 19 through May 1, 2025. The files reportedly contain personal details such as names, flight dates, and destinations.
404 Media, after careful verification against official Immigration and Customs Enforcement (ICE) flight logs and court documents, confirmed the authenticity of the leaked data.
Global Crossing Airlines Group confirmed the cyberattack in a filing with the SEC on May 9, 2025, stating that unauthorized activity gave hackers access to "systems supporting portions of its business applications" on May 5. The company claims it activated its incident response protocols and third-party cybersecurity experts to assist with containment and mitigation activities. It contained and isolated the affected servers and prevent further intrusion.
