UN aviation agency confirms recruitment database security breach

​The United Nations' International Civil Aviation Organization (ICAO) has confirmed that a threat actor has stolen approximately 42,000 records after hacking into its recruitment database.

This follows ICAO's announcement on Monday that it was investigating what it described as a "potential information security incident."

While the UN agency didn't provide additional details, this came two days after a threat actor using the "Natohub" handle leaked an archive of 42,000 documents reportedly stolen from ICAO on the BreachForums hacking forum.

​According to Natohub's claims, the allegedly stolen documents contain names, dates of birth, addresses, phone numbers, email addresses, and education and employment information.

Another threat actor said the leaked archive contains 2GB of files with information on 57,240 unique emails.

​Today, ICAO confirmed the link in an updated statement sent to BleepingComputer: "The reported information security incident involves approximately 42,000 recruitment application data records from April 2016 to July 2024 claimed to be released by the threat actor known as Natohub."

The agency says the stolen data contains recruitment information, but the breach didn't impact applicants' financial and other sensitive data.

"The compromised data includes recruitment-related information that applicants entered into our system, such as names, email addresses, dates of birth, and employment history. The affected data does not include financial information, passwords, passport details, or any documents uploaded by applicants," ICAO said.

"We can confirm that this incident is limited to the recruitment database and does not affect any systems related to aviation safety or security operations."

ICAO added that it implemented additional security measures to protect its systems from future attacks, is still assessing the incident's impact, and is working to identify and notify all individuals affected by this breach.

Threat actors also hacked UN networks in Vienna and Geneva in July 2019 using a Sharepoint exploit, gaining access to staff records, health insurance, and commercial contract data.

Additionally, the United Nations Development Programme (UNDP) started investigating a cyberattack in April 2024 following a breach claimed by the 8Base ransomware gang, while the United Nations Environmental Programme (UNEP) disclosed a data breach in January 2021 after over 100,000 employee records with personal information exposed online.