The United Nations’ International Civil Aviation Organization (ICAO) has confirmed a security breach of its recruitment database, resulting in the theft of approximately 42,000 records. The breach was first revealed when a threat actor known as “Natohub” leaked the stolen data on the BreachForums hacking forum.
The compromised information includes:
- Names
- Email addresses
- Dates of birth
- Employment history
- Education details
ICAO emphasized that no financial information, passwords, passport details, or uploaded documents were exposed, and the breach was limited to the recruitment database without affecting aviation safety or security systems.
This incident adds to a series of cyberattacks targeting UN organizations in recent years, including:
- A 2019 breach of UN networks in Vienna and Geneva
- A recent cyberattack on the UN Development Programme in April 2024
- A 2021 data breach at the UN Environmental Programme exposing over 100,000 employee records
The organization is currently implementing additional security measures and working to notify affected individuals.