Qilin Ransomware Group Claims Data Breach at Tulsa International Airport

Qilin ransomware group claims breach of the Tulsa International Airport, a major civilian and military hub in Oklahoma. 

The threat actors listed the airport to their dark web leak site in late January 2026 and published 18 samples of stolen documents dated between 2022 and 2025 as proof of the intrusion. The compromised data supposedly includes:

• Employee identification records, including U.S. passports and driver's licenses
• Personal contact details and banking communications of the Chief Financial Officer
• Internal budget projections and revenue spreadsheets
• Non-disclosure agreements and legal documents regarding court cases
• Telehealth reports and insurance files
• Tenant databases and vendor revenue sheets

The number of affected individuals is not disclosed.

Tulsa International Airport confirmed the ransomware incident on February 2, 2026, stating that cybersecurity teams immediately contacted law enforcement and began an investigation. 

Airport officials claim the incident did not impact flight operations or daily travel and that the risk has been mitigated. There are no reports of disruptions to the operations of the Oklahoma Air National Guard’s 138th Fighter Wing based at the facility.