san.com Aug 23, 2025 at 12:34 AM GMT+2
A hacker breached an airline and stole information on hundreds of thousands of people, including U.S. government employees.

Summary

• Exposed IDs
  Straight Arrow News examined 2,626 photos of identifying documents such as passports, IDs and birth certificates that were stolen by a hacker.

• U.S. government data
  The data includes the names, emails and phone numbers of employees from the State Deptartment, ICE, TSA, CBP and more.

• Airline denial
  Uzbekistan Airways denied that any intrusion took place and even suggested that leaked data may have been generated with artificial intelligence.

Full story
A hacker claims to have stolen information on hundreds of thousands of people — including U.S. government employees — after breaching an international airline. Straight Arrow News obtained a sample of the data, allegedly taken from Uzbekistan Airways, and confirmed the presence of sensitive documents such as scans of thousands of passports.

The data was advertised on Thursday by the hacker, who is known online as ByteToBreach and purports to be a native of the Swiss Alps, on a dark web forum known for hosting leaks, malware and hacking tools. The purportedly 300-gigabyte data cache contains, among other things, the email addresses of 500,000 passengers and 400 airline employees.

The post included a sample of the data, such as alleged credentials for multiple servers and software programs run by the airline. It also showed partial credit card data, as well as scans of 75 passports from the U.S., Russia, Israel, the U.K., South Korea and other nations. The hacker claims to have obtained identifying documents from more than 40 different countries.

The hacker provided Straight Arrow News with a larger data sample than the one posted online, containing 2,626 photos of identifying documents such as passports, IDs, marriage licenses and birth certificates. Numerous passports belonged to babies and young children.

Passports and other identifying data are valuable on underground markets given their potential use for a range of criminal activities, such as fraud and identity theft. Hackers could also leverage the prevalence of data on government employees for phishing attacks.
U.S. government employees’ data compromised
Another document from the sample the hacker provided to SAN contained 285 email addresses belonging to airline employees. A list of email addresses for passengers held 503,410 entries.

A spreadsheet with personal information of 379,603 members of Uzbekistan Airways’ loyalty program exposes names, genders, birthdates, nationalities, email addresses, phone numbers, member IDs and more.

The email addresses indicate that those members include employees of several U.S. government agencies, including the State Department, the Department of Energy, Immigration and Customs Enforcement, Customs and Border Protection and the Transportation Security Administration.

Employees of foreign government agencies from countries like Russia, Uzbekistan and the United Arab Emirates were also in the data.

SAN reached out to several phone numbers of government employees. An apparent TSA employee answered the phone by introducing themselves with the first name listed in the hacked data, as well as their government position. After SAN explained that their data had been exposed, the employee declined to comment and referred a reporter to the Department of Homeland Security’s public affairs office.

The public affairs office did not respond to an email from SAN. An email to the State Department’s office of press operations went unanswered as well.

Four files containing raw reservation and ticketing data mention airlines, airports, flight numbers and other information. The hacker also claimed that the raw data contained partial credit card information, although SAN was unable to independently verify the presence of financial data.
...

Qantas can confirm that a cyber incident has occurred in one of its contact centres impacting customer data. The system is now contained.

We understand this will be concerning for customers. We are currently contacting customers to make them aware of the incident, apologise and provide details on the support available.

The incident occurred when a cyber criminal targeted a call centre and gained access to a third party customer servicing platform.

There is no impact to Qantas’ operations or the safety of the airline.

What we know

On Monday, we detected unusual activity on a third party platform used by a Qantas airline contact centre. We then took immediate steps and contained the system. We can confirm all Qantas systems remain secure.

There are 6 million customers that have service records in this platform. We are continuing to investigate the proportion of the data that has been stolen, though we expect it will be significant. An initial review has confirmed the data includes some customers’ names, email addresses, phone numbers, birth dates and frequent flyer numbers.

Importantly, credit card details, personal financial information and passport details are not held in this system. No frequent flyer accounts were compromised nor have passwords, PIN numbers or log in details been accessed.

Actions we are taking

While we conduct the investigation, we are putting additional security measures in place to further restrict access and strengthen system monitoring and detection.

Qantas has notified the Australian Cyber Security Centre and the Office of the Australian Information Commissioner. Given the criminal nature of this incident, the Australian Federal Police has also been notified. We will continue to support these agencies as the investigation continues.

Qantas has established a dedicated customer support line as well as a dedicated page on qantas.com to provide the latest information to customers. We will continue to share updates including via our website and social channels.

Qantas Group Chief Executive Officer Vanessa Hudson said:

“We sincerely apologise to our customers and we recognise the uncertainty this will cause. Our customers trust us with their personal information and we take that responsibility seriously.

“We are contacting our customers today and our focus is on providing them with the necessary support.

“We are working closely with the Federal Government’s National Cyber Security Coordinator, the Australian Cyber Security Centre and independent specialised cyber security experts.”

Hawaiian Airlines, the tenth-largest commercial airline in the United States, is investigating a cyberattack that has disrupted access to some of its systems.

With over 7,000 employees, 235 average daily flights, and a fleet of over 60 airplanes, Hawaiian Airlines connects Hawai'i with 15 U.S. mainland cities and 10 other destinations across Asia and the Pacific.

The airline stated in a statement issued on Thursday morning that the incident didn't affect flight safety and has already contacted relevant authorities to assist in investigating the attack.

Hawaiian Airlines also hired external cybersecurity experts to asses the attack's impact and help restore affected systems.

"Hawaiian Airlines is addressing a cybersecurity event that has affected some of our IT systems. Our highest priority is the safety and security of our guests and employees. We have taken steps to safeguard our operations, and our flights are operating safely and as scheduled," the airline said.

"Upon learning of this incident, we engaged the appropriate authorities and experts to assist in our investigation and remediation efforts. We are currently working toward an orderly restoration and will provide updates as more information is available."

A banner on the airline's website notes that the incident hasn't impacted flights in any way and that travel hasn't been affected.

The same alert is also displayed on the Alaska Airlines website, which is owned by Alaska Air Group, a company that acquired Hawaiian Airlines last year.