A cyber-criminal group, specifically the Everest ransomware group, breached a third-party supplier (Collins Aerospace), compromising an IT server containing passenger boarding pass data from 1–31 August at Dublin Airport. The data was later exposed online by the group, though no ransom demand was publicly listed. The attack caused major disruptions, including flight delays and cancellations across European airports in September. While DAA confirmed no direct impact on its own systems, the incident remains under investigation with regulators (Irish Aviation Authority, Data Protection Commission, National Cyber Security Centre) and affected airlines. Passengers were advised to monitor for unusual booking activity, though no immediate action was required. The breach highlights vulnerabilities in third-party vendor security and the operational risks of ransomware attacks on critical travel infrastructure.
Source: https://www.thejournal.ie/dublin-airprit-daa-collins-aerospace-6855100-Oct2025/
TPRM report: https://www.rankiteo.com/company/dublin-airport-authority-daa-
"id": "dub0103101102525",
"linkid": "dublin-airport-authority-daa-",
"type": "Ransomware",
"date": "8/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"{'affected_entities': [{'customers_affected': 'Passengers who traveled through '
'Dublin Airport in August 2023',
'industry': 'Aviation',
'location': 'Dublin, Ireland',
'name': 'Dublin Airport Authority (DAA)',
'type': 'Airport Operator'},
{'industry': 'Aerospace/Software',
'name': 'Collins Aerospace',
'type': 'Third-Party Supplier'},
{'customers_affected': 'Passengers affected by flight '
'delays/cancellations',
'industry': 'Aviation',
'location': 'Europe and UK',
'name': 'Multiple European and UK Airports',
'type': 'Airport Operators'}],
'attack_vector': 'Third-party supplier (Collins Aerospace) software '
'compromise',
'customer_advisories': 'Passengers who traveled in August 2023 should remain '
'alert to any unusual activity related to their '
'bookings.',
'data_breach': {'data_exfiltration': True,
'personally_identifiable_information': ['Passenger names',
'Booking/travel '
'details (presumed)'],
'sensitivity_of_data': 'Moderate (potential for identity '
'theft or travel-related fraud)',
'type_of_data_compromised': ['Boarding pass data']},
'date_detected': '2023-09-18',
'date_publicly_disclosed': '2023-09-19',
'description': 'Boarding pass data of passengers who used Dublin Airport in '
'August 2023 may have been published online following a data '
'breach by the Everest ransomware group. The breach occurred '
'via a cyber attack on check-in and boarding software '
'developed by Collins Aerospace, causing major disruptions '
'across European and UK airports, including flight delays and '
'cancellations at Dublin Airport. A file containing passenger '
'boarding pass data from August 1-31 was exposed on a '
'compromised IT server, and DAA (Dublin Airport Authority) was '
'alerted on September 18. The Everest ransomware group claimed '
'responsibility, though no ransom demand was publicly listed.',
'impact': {'brand_reputation_impact': 'Potential reputational damage to DAA '
'and Collins Aerospace due to data '
'exposure and operational disruptions',
'data_compromised': ['Boarding pass data (August 1-31, 2023)'],
'downtime': ['Flight delays and cancellations at Dublin Airport '
'and other European/UK airports'],
'identity_theft_risk': 'Passengers advised to monitor for unusual '
'activity related to their bookings',
'legal_liabilities': 'Investigation by Data Protection Commission '
'(DPC) and other regulators (Irish Aviation '
'Authority, National Cyber Security Centre)',
'operational_impact': 'Major disruptions to airport operations, '
'including check-in and boarding processes',
'systems_affected': ['Collins Aerospace check-in and boarding '
'software']},
'initial_access_broker': {'entry_point': 'Collins Aerospace IT server '
'compromise',
'high_value_targets': ['Boarding pass data (August '
'1-31, 2023)']},
'investigation_status': 'Active (as of September 2023)',
'motivation': ['Financial Gain (presumed)', 'Data Theft'],
'ransomware': {'data_encryption': True,
'data_exfiltration': True,
'ransomware_strain': 'Everest'},
'references': [{'source': 'Irish Independent / BreakingNews.ie'}],
'regulatory_compliance': {'regulations_violated': ['GDPR (potential violation '
'under investigation)'],
'regulatory_notifications': ['Data Protection '
'Commission (DPC) - '
'reported on '
'2023-09-19',
'Irish Aviation '
'Authority',
'National Cyber '
'Security Centre']},
'response': {'communication_strategy': ['Public statement by DAA spokesperson '
'(September 2023)',
'Advisory to passengers to monitor '
'for unusual activity',
'No immediate action required for '
'passengers'],
'incident_response_plan_activated': True,
'third_party_assistance': ['Collins Aerospace',
'Affected airline partners']},
'stakeholder_advisories': ['Passengers advised to monitor for unusual '
'activity related to their bookings',
'No immediate action required for passengers'],
'threat_actor': 'Everest ransomware group',
'title': 'Dublin Airport Boarding Pass Data Breach via Collins Aerospace '
'Cyber Attack',
'type': ['Data Breach', 'Ransomware Attack', 'Supply Chain Attack']}