Hackers leak purported Aeroflot data as Russia denies breach

Hackers have leaked flight records allegedly belonging to the CEO of the Russian airline Aeroflot following a major cyberattack that grounded flights, as Moscow denies any data breach occurred.

Russia’s internet watchdog Roskomnadzor said there was no confirmation that data had been leaked from Aeroflot after the company was hit by a large-scale cyber incident earlier this week that caused mass flight disruptions.

“Information about a possible data leak from the company has not been confirmed,” the agency told local media on Thursday, without elaborating.

Shortly after the statement, the Belarusian hacker group Cyber Partisans — which claimed responsibility for the attack — posted what it said was travel data belonging to Aeroflot CEO Sergei Aleksandrovsky on Telegram. 

The records showed details of more than 30 flights taken between April 2024 and June 2025. Investigative outlet The Insider reported that the passport number for Aleksandrovsky found in the leaked files matched one connected to him that was seen in previous data breaches. The authenticity of the leaked data has not been independently verified.

Cyber Partisans said additional data would be released soon. The group previously claimed it had exfiltrated the airline’s entire flight history database, audio recordings of internal calls, and surveillance footage, including employee monitoring data.

The attack forced Aeroflot to cancel or delay more than 100 flights on Monday — nearly half of its daily operations — impacting roughly 20,000 passengers. The disruption, coupled with potential data loss and reputational damage, could cost the airline as much as $50 million, according to estimates by Forbes Russia.

While Aeroflot said it had restored services and resumed normal operations by Thursday, cybersecurity experts warned full recovery of the airline’s IT infrastructure may take longer. Russian cybersecurity analyst Oleg Shakorov said the airline could also face legal scrutiny if authorities conclude its cybersecurity measures were inadequate.

Aeroflot has released limited information about the incident. The Cyber Partisans claimed they were able to breach the airline’s systems because employees used weak passwords, and the company relied on outdated versions of Windows but these claims haven’t been independently verified.

The attack comes amid a broader wave of cyber disruptions across Russia. Two of the country’s largest pharmacy chains were hit this week, shutting down hundreds of locations and halting payments and prescription services. Other companies, including grocery chain Vkusvill, discount retailer Dobrotsen, delivery platform Samokat, restaurant software developer Iiko, and Russia’s state postal service, also reported outages, many of which were described as “technical failures.”