Dublin Airport Passenger Data Breach Exposes Millions of Travelers

Published: October 26, 2025

Location: Dublin, Ireland

Summary: A significant data breach at Dublin Airport has compromised passenger information for potentially millions of individuals who traveled through the airport in August 2025. The breach occurred through a third-party supplier, Collins Aerospace, which provides check-in and boarding software. The Everest ransomware group has claimed responsibility for the attack.

Detection and Scope of Breach

The breach was first detected on September 18, 2025, when Collins Aerospace notified Dublin Airport operator daa of a compromise in its IT systems. One of the compromised files contained boarding pass data for all departures from Dublin Airport between August 1 and August 31, 2025. The data includes booking reference numbers, first and last names, frequent flyer numbers, and potentially contact information and travel itineraries.

Ransomware Group Claim

On October 17, 2025, the Everest ransomware group claimed responsibility for the cyberattack. They alleged to have obtained FTP access to Collins Aerospace's vMUSE backend as early as September 10, 2025, and shared login details to substantiate their claims. The group has announced plans to release the stolen data in multiple stages, with the first release scheduled within 48 hours under the heading "MUSE-INSECURE: Inside Collins Aerospace's Security Failure."

Response from Authorities

In response to the breach, daa has initiated an investigation and is collaborating with regulators, including the Data Protection Commission (DPC), the Irish Aviation Authority, the National Cyber Security Centre, and affected airline partners. While there is no evidence of direct impact on daa's systems, passengers who traveled in August are advised to remain vigilant for any unusual activity related to their bookings.

Airline Notifications

Affected airlines, such as SAS, have begun notifying passengers about the breach and are working closely with Dublin Airport to manage the situation and protect customer information.

Cybersecurity Implications

This incident highlights the vulnerabilities in critical infrastructure and the importance of robust cybersecurity measures to protect sensitive passenger data.