British Airways: British Airways allegedly breached as hackers claim to have stolen pilot data

British Airways Hit by Cyberattack: Hackers Claim Access to Sensitive Crew and Medical Data

The pro-Russian hacktivist group Infrastructure Destruction Squad (also known as Dark Engine) has claimed responsibility for breaching British Airways’ systems, gaining access to highly sensitive data. In a Telegram post, the threat actors stated they infiltrated the airline’s Crew Portal used by pilots and cabin crew to manage schedules, sick leave, and personal information by compromising an individual’s account to reach the admin control panel.

The group alleged exposure of sick leave records, including employee names, leave reasons, supervisor approvals, and AI-driven confidence levels evaluating request validity. They also claimed access to Cognino AI 360, an AI data analysis platform, where they reportedly found login credentials, API keys for insurance and financial services, and medical training files containing genetic disease data and health records.

Additional compromised data allegedly includes internal network structures, penetration-testing tools, and flight crew schedules. The hackers offered full access to the breached systems including login credentials and sensitive files for $1,000. Screenshots shared on Telegram appear to support their claims, showing the Crew Portal, API servers, and Cognino 360 interfaces.

In a follow-up message, the group vowed to escalate attacks, targeting industrial systems, data leaks, ransomware, and malware distribution. British Airways has not publicly responded to the claims, and Cyber Daily has sought further comment from the airline.

This incident follows previous breaches at British Airways, including the 2023 MOVEit supply chain attack by the Cl0p ransomware gang and a 2018 Magecart attack that exposed the personal and financial data of 400,000 customers.

The Infrastructure Destruction Squad has a history of disrupting critical infrastructure, including water treatment facilities, flood control systems, and industrial control environments across Asia, Latin America, and the EU.

Source: https://www.cyberdaily.au/security/13603-british-airways-allegedly-breached-as-hackers-claim-to-have-stolen-pilot-data

British Airways TPRM report: https://www.rankiteo.com/company/british-airways

"id": "bri1778826314",
"linkid": "british-airways",
"type": "Cyber Attack",
"date": "5/2026",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"

{'affected_entities': [{'industry': 'Aviation',
                        'location': 'United Kingdom',
                        'name': 'British Airways',
                        'type': 'Airline'}],
 'attack_vector': 'Compromised individual account',
 'data_breach': {'data_exfiltration': 'Yes',
                 'personally_identifiable_information': 'Yes',
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Employee personal data',
                                              'Medical data',
                                              'Login credentials',
                                              'API keys',
                                              'Internal network structures']},
 'description': 'The pro-Russian hacktivist group *Infrastructure Destruction '
                'Squad* (also known as *Dark Engine*) has claimed '
                'responsibility for breaching British Airways’ systems, '
                'gaining access to highly sensitive data. The threat actors '
                'infiltrated the airline’s *Crew Portal* used by pilots and '
                'cabin crew to manage schedules, sick leave, and personal '
                'information by compromising an individual’s account to reach '
                'the admin control panel. The group alleged exposure of sick '
                'leave records, including employee names, leave reasons, '
                'supervisor approvals, and AI-driven confidence levels '
                'evaluating request validity. They also claimed access to '
                '*Cognino AI 360*, an AI data analysis platform, where they '
                'reportedly found login credentials, API keys for insurance '
                'and financial services, and medical training files containing '
                'genetic disease data and health records. Additional '
                'compromised data allegedly includes internal network '
                'structures, penetration-testing tools, and flight crew '
                'schedules. The hackers offered full access to the breached '
                'systems for $1,000.',
 'impact': {'brand_reputation_impact': 'High',
            'data_compromised': 'Sick leave records, employee names, leave '
                                'reasons, supervisor approvals, AI-driven '
                                'confidence levels, login credentials, API '
                                'keys, medical training files (genetic disease '
                                'data, health records), internal network '
                                'structures, penetration-testing tools, flight '
                                'crew schedules',
            'identity_theft_risk': 'High',
            'systems_affected': 'Crew Portal, Cognino AI 360'},
 'initial_access_broker': {'data_sold_on_dark_web': 'Offered for $1,000',
                           'entry_point': 'Compromised individual account',
                           'high_value_targets': 'Admin control panel, Cognino '
                                                 'AI 360'},
 'motivation': 'Hacktivism, Financial Gain',
 'ransomware': {'data_exfiltration': 'Yes', 'ransom_demanded': '$1,000'},
 'references': [{'source': 'Telegram (Infrastructure Destruction Squad)'},
                {'source': 'Cyber Daily'}],
 'threat_actor': 'Infrastructure Destruction Squad (Dark Engine)',
 'title': 'British Airways Hit by Cyberattack: Hackers Claim Access to '
          'Sensitive Crew and Medical Data',
 'type': 'Data Breach'}