UN aviation agency ICAO confirms its recruitment database was hacked

The International Civil Aviation Organization (ICAO), a part of the United Nations, confirmed on Wednesday a hack of its recruitment systems involving the compromise of more than 40,000 records containing personal information.

It follows the Montreal-based agency announcing it was “actively investigating reports of a potential information security incident” after an apparent cybercriminal offered the stolen documents for sale on a hacking forum.

In an email, the agency said it could “confirm that the reported information security incident involves approximately 42,000 recruitment application data records from April 2016 to July 2024 claimed to be released by the threat actor known as Natohub.”

The Natohub account on BreachForums 2 — the successor to a site seized by the FBI in 2023 — was registered six months ago. It had previously claimed to have accessed the personal data of 14,000 delegates to the United Nations.

“The compromised data includes recruitment-related information that applicants entered into our system, such as names, email addresses, dates of birth, and employment history. The affected data does not include financial information, passwords, passport details, or any documents uploaded by applicants,” stated ICAO.

The agency said the incident “does not affect any systems related to aviation safety or security operations” and was limited to its recruitment systems.

“Our investigation and response efforts continue, and we have implemented additional security measures to protect our systems. We are also working to identify and notify affected individuals,” wrote the agency.

“ICAO takes the privacy and security of personal information extremely seriously. We will provide further updates as our investigation progresses.”