Cyber Attack cyber

Global Crossing Airlines Group (GlobalX)

May 12, 2025 2 min read
Global Crossing Airlines Group (GlobalX)

Global Crossing Airlines Group, a Miami-based airline facilitating ICE deportation flights, suffered a cyberattack on **May 5** by a hacker identifying as **Anonymous**. The breach granted unauthorized access to **business application systems**, allowing the theft of **flight records and manifests**—including sensitive details of ICE deportation operations. The hacker defaced the company’s website before exfiltrating data, which was later verified against public deportation reports by **404 Media**. While the company claimed **no operational disruption** and **no material financial impact**, the stolen data exposed its involvement in controversial deportation flights, risking **reputational damage** and potential **legal or regulatory scrutiny**. The incident prompted engagement with **law enforcement and a cybersecurity firm**, but the company did not disclose whether **personal data of employees, passengers, or deported individuals** was compromised. The FBI and DHS declined to comment. GlobalX, which earns **$65M annually from ICE contracts**, faces indirect consequences from the **public exposure of its role in deportations**, though no direct financial or operational harm was confirmed.

Source: https://therecord.media/airline-carrying-out-deportation-flights-confirms-cyberattack-sec

TPRM report: https://www.rankiteo.com/company/global-crossing-airlines

"id": "glo450082725",
"linkid": "global-crossing-airlines",
"type": "Cyber Attack",
"date": "5/2025",
"severity": "60",
"impact": "2",
"explanation": "Attack limited on finance or reputation"
{'affected_entities': [{'industry': ['Aviation',
                                     'Logistics',
                                     'Government Contracting'],
                        'location': 'Miami, Florida, USA',
                        'name': 'Global Crossing Airlines Group (GlobalX)',
                        'type': 'Airline'}],
 'attack_vector': ['Website Defacement', 'Data Exfiltration'],
 'data_breach': {'data_exfiltration': True,
                 'sensitivity_of_data': 'High (includes government-contracted '
                                        'deportation details)',
                 'type_of_data_compromised': ['Flight records',
                                              'Deportation manifests',
                                              'Operational business data']},
 'date_detected': '2024-05-05',
 'date_publicly_disclosed': '2024-05-10',
 'description': 'Global Crossing Airlines Group (GlobalX), an airline involved '
                'in ICE deportation flights, confirmed a cybersecurity '
                'incident on May 5, 2024. A hacker, identifying as '
                "'Anonymous,' defaced the company’s website and stole flight "
                'records and manifests, including details of deportation '
                'flights. The company reported the incident to the SEC and law '
                'enforcement, stating no operational disruption occurred. The '
                'hacker provided stolen data to 404 Media, which verified its '
                'authenticity against public deportation records.',
 'impact': {'brand_reputation_impact': ['Potential reputational damage due to '
                                        'exposure of ICE collaboration',
                                        'Media scrutiny'],
            'data_compromised': ['Flight records',
                                 'Deportation manifests',
                                 'Operational data'],
            'downtime': 'None (no operational disruption reported)',
            'operational_impact': 'None reported',
            'systems_affected': ['Business application systems', 'Website']},
 'initial_access_broker': {'entry_point': ['Website defacement',
                                           'Business application systems'],
                           'high_value_targets': ['ICE deportation flight '
                                                  'records',
                                                  'Operational manifests']},
 'investigation_status': 'Ongoing (law enforcement involved, no public '
                         'updates)',
 'motivation': ['Activism', 'Exposure of ICE Collaboration'],
 'ransomware': {'data_exfiltration': True},
 'references': [{'source': '404 Media'},
                {'date_accessed': '2024-05-10',
                 'source': 'U.S. Securities and Exchange Commission (SEC) '
                           'Filing by Global Crossing Airlines Group'}],
 'regulatory_compliance': {'regulatory_notifications': ['U.S. Securities and '
                                                        'Exchange Commission '
                                                        '(SEC)']},
 'response': {'communication_strategy': ['SEC filing',
                                         'No public statement beyond '
                                         'regulatory disclosure'],
              'incident_response_plan_activated': True,
              'law_enforcement_notified': True,
              'third_party_assistance': ['Cybersecurity firm (unnamed)']},
 'threat_actor': 'Anonymous (self-identified)',
 'title': 'Cyberattack on Global Crossing Airlines Group (GlobalX) Involving '
          'ICE Deportation Flight Data',
 'type': ['Data Breach', 'Website Defacement', 'Unauthorized Access']}
Published by
Jeremy C
Jeremy C
You might also like
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.