The United Nations’ aviation agency has confirmed that a hacker accessed thousands of records after compromising its internal recruitment database.
Over the weekend, an individual using the alias “Natohub” claimed to have accessed 42,000 documents from the International Civil Aviation Organization (ICAO). The agency said it was investigating the incident on Monday and, in an updated statement sent to TechCrunch on Tuesday, it confirmed Natohub’s claims.
“ICAO can confirm that the reported information security incident involves approximately 42,000 recruitment application data records from April 2016 to July 2024 claimed to be released by the threat actor known as Natohub,” it said.
ICAO said that the compromised data includes information including job applicants’ names, email addresses, dates of birth, and employment history. “The affected data does not include financial information, passwords, passport details, or any documents uploaded by applicants,” the agency added.
ICAO said the breach is “limited” to the recruitment database and that it is working to identify and notify affected individuals.
