Millions of passengers potentially impacted in Dublin Airport data breach after Collins Aerospace ransomware attack
Learn More
Airport operator daa, which manages Dublin and Cork airports in Ireland, has launched an investigation into a data breach involving third-party supplier Collins Aerospace, potentially affecting millions of passengers who traveled through Dublin Airport during August 2025.
Daa was notified by Collins Aerospace on September 18, 2025, about a compromise of its IT systems. One of the compromised server contained passenger boarding pass data relating to all departures from Dublin Airport between August 1 and August 31, 2025.
On October 17, 2025, the Everest ransomware group claimed responsibility for the cyberattack on Collins Aerospace. According to claims made by the Everest group, they obtained FTP access to Collins Aerospace's vMUSE backend as early as September 10, 2025, more than a week before the full-scale ransomware deployment. The breach may have originated through Collins Aerospace's European data center in Cork, Ireland. The attack included phishing messages disguised as RTX firmware updates and exploitation of unpatched MUSE API gateway vulnerabilities.
According to communications from affected airlines, the exposed data includes:
- Booking reference numbers
- First names
- Last names
- Frequent Flyer Numbers
- Contact information (potentially)
- Travel itineraries (potentially)
The Everest hacking group has claimed to possess flight data from more than 1.5 million passengers and thousands of airline employees. The threat actors announced plans to release stolen data in multiple tranches, with the initial release scheduled within 48 hours under the heading "MUSE-INSECURE: Inside Collins Aerospace's Security Failure," which would include an FTP Access List. A subsequent data release was planned eight days later, purportedly containing a "Collins Aerospace DataBase Download."
The exact number of affected passengers has not been disclosed but Irish Times reported that potentially millions of people who used Dublin Airport in August 2025 may have had their boarding pass information compromised. In August 2025, approximately 3.8 million passengers used Dublin Airport alone.
A daa spokesperson stated that the matter is under active investigation, with the organization working closely with multiple regulators.
Data Protection Commission Deputy Commissioner Graham Doyle confirmed receiving a breach notification regarding the matter and indicated the DPC is actively engaging with daa on the investigation.
