BOARDING PASS DATA of passengers who used Dublin Airport in August may have been published online following a data breach by a “cyber-criminal group”.

In September, airports across Europe and the UK faced major disruptions after a cyber attack on check-in and boarding software developed by Collins Aerospace.

Many flights were delayed and cancelled at Dublin Airport as a result, as well as many other European airports.

It’s understood that DAA was alerted to the cyber attack by Collins Aerospace on 18 September 18.

It’s further understood that one of the files on the compromised IT server contained passenger boarding pass data from 1-31 August.

DAA made an initial report to the Data Protection Commission (DPC) the following day on 19 September. 

But last Friday, 17, DAA received information that the file may have been exposed online by a cyber-criminal group.

Everest ransomware is a malicious software that encrypts files and demands a ransom.

The Everest ransomware group claimed responsibility for last month’s cyber attack on its darknet leak site, though it didn’t list any ransom demand.

In a statement this evening, a DAA spokesperson said it is “aware of a data security incident involving a third-party supplier, Collins Aerospace”.

DAA added that the matter is under active investigation and that it is working closely with regulators including Irish Aviation Authority, the DPC, the National Cyber Security Centre and affected airline partners.

The DAA spokesperson said there is no evidence at this time of any direct impact on DAA systems.

The spokesperson added that passengers who travelled in August do not need to take any immediate action but should remain alert to any unusual activity related to their bookings.