Everest Ransomware Group Claims Theft of 1.5 Million Passenger Records from Dublin Airport

The ransomware group Everest claimed responsibility on Oct 26 for a cyberattack that allegedly compromised over 1.5 million passenger records from Dublin Airport.

According to a report from Hackread, the Everest group listed Dublin Airport on its dark-web portal, claiming to have a password-protected archive containing the stolen data.

The data (1,533,900 personal records), posted on the group’s leak site, reportedly includes an exhaustive list of personally identifiable information, some of it highly sensitive:

•             Full names, flight date alongside passenger ID, seat, and flight numbers

•             Fast track or priority status plus departure and destination airport codes

•             Frequent flyer airline, number, and tier

•             Free baggage allowance and baggage tag numbers

•             Device name, device ID, and device type used for check-in

If confirmed, the incident would be one of the most significant data exposures involving an international airport this year — and a reminder that even trusted travel hubs aren’t immune to ransomware operators.

The same post named Air Arabia as another target, suggesting a broader campaign aimed at the aviation industry. The threat actors claimed to have stolen the personal information of over 18,000 employees from the low-cost airline based in the United Arab Emirates.

Why This Matters for Passengers

Airline and airport data often contain much more than booking details. Travel itineraries, document numbers, and baggage tags can be combined to impersonate travelers, access loyalty accounts, or fuel highly convincing phishing messages.

A fake email could easily mimic a legitimate notice from an airport or airline — “We noticed an issue with your flight” or “Your baggage claim needs confirmation.” The scammers know your name, flight number, and travel date, so the message feels authentic — and that’s how many victims click.

Even if the Dublin Airport breach remains unconfirmed, it’s a powerful reminder that travel data is personal data — and deserves the same protection as your bank account or medical records.

How to Protect Yourself

Whether you’ve flown through Dublin Airport or not, your travel information may already exist in multiple airline and booking databases. Take these simple steps to stay safe:

• Be skeptical of messages about your flights or luggage. Verify directly with the airline or the airport’s official website.
• Don’t click links in unsolicited travel emails or texts. Cybercriminals use stolen data to make scams more believable. If you think you are the target of a scam, whether via email, text or phone, have a quick chat with Scamio, our free AI-powered scam detector.
• Use strong, unique passwords for airline and loyalty accounts and turn on two-factor authentication wherever possible.
• Monitor your personal data online with tools like Bitdefender Digital Identity Protection. It alerts you if your personal information — including emails, phone numbers, or travel IDs — appears in a data breach or on the dark web.
• Double-check suspicious links using Bitdefender Link Checker before you click. It’s easy and free to use, directly from your browser.

Ransomware Is Evolving — and So Should Awareness

Groups like Everest no longer rely only on encrypting systems. They increasingly use “double extortion” tactics, stealing data first, then threatening to leak it unless a ransom is paid. Even if companies refuse to pay, attackers often sell or publish the data later, leaving travelers at risk long after the story fades.

That’s why awareness and identity monitoring are now essential layers of personal cybersecurity. You can’t control how a company protects your data, but you can control how quickly you respond if it ends up exposed.

Stay one step ahead by securing not only your devices but also your identity.
Bitdefender Digital Identity Protection continuously scans the web and dark web for leaks tied to your personal data, notifies you immediately of potential breaches, and helps you take action before scammers can.

Your passport and boarding pass aren’t the only things worth protecting — your identity is too.