The website of GlobalX Air, a US-based airline used for deportation flights, was defaced by actors claiming affiliation with Anonymous. During the incident, attackers replaced the homepage content with a message accusing the airline of ignoring judicial orders related to deportation rulings. In addition to the defacement, the threat actors exfiltrated sensitive files, including complete flight records and passenger manifests for all customers—covering illegal immigrants and other passengers. The stolen data was subsequently shared with select media outlets, exposing granular details about who was deported, along with dates and destinations. This breach not only undermines the confidentiality of passenger information but also reveals operational details about deportation flights used by the US government. The exposure of personal and travel data raises significant privacy concerns, potentially enabling identity theft, targeted harassment, or geopolitical risks for affected individuals. Following the attack, the website was restored to its original state, but the scope of data loss remains a serious liability for the airline and its customers.
Source: https://www.techradar.com/pro/security/website-for-us-deportation-airline-globalx-defaced-by-hackers
TPRM report: https://scoringcyber.rankiteo.com/company/global-crossing-airlines
"id": "glo847050725",
"linkid": "global-crossing-airlines",
"type": "Breach",
"date": "5/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'All customers',
'industry': 'Aviation',
'location': 'United States',
'name': 'GlobalX Air',
'type': 'Airline'}],
'attack_vector': 'Website Defacement',
'data_breach': {'data_exfiltration': 'Yes',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Flight records',
'Passenger manifests']},
'description': 'The website of GlobalX Air, a US-based airline used for '
'deportation flights, was defaced by actors claiming '
'affiliation with Anonymous. During the incident, attackers '
'replaced the homepage content with a message accusing the '
'airline of ignoring judicial orders related to deportation '
'rulings. In addition to the defacement, the threat actors '
'exfiltrated sensitive files, including complete flight '
'records and passenger manifests for all customers—covering '
'illegal immigrants and other passengers. The stolen data was '
'subsequently shared with select media outlets, exposing '
'granular details about who was deported, along with dates and '
'destinations. This breach not only undermines the '
'confidentiality of passenger information but also reveals '
'operational details about deportation flights used by the US '
'government. The exposure of personal and travel data raises '
'significant privacy concerns, potentially enabling identity '
'theft, targeted harassment, or geopolitical risks for '
'affected individuals. Following the attack, the website was '
'restored to its original state, but the scope of data loss '
'remains a serious liability for the airline and its '
'customers.',
'impact': {'data_compromised': ['Flight records', 'Passenger manifests'],
'identity_theft_risk': 'High',
'systems_affected': ['Website']},
'motivation': 'Accusation of ignoring judicial orders related to deportation '
'rulings',
'threat_actor': 'Anonymous',
'title': 'GlobalX Air Website Defacement and Data Breach',
'type': 'Website Defacement and Data Breach'}