Incident ⁣Overview

Airport operator daa, responsible for Dublin and Cork airports, is investigating a data ⁣breach stemming from a compromise of its third-party supplier, Collins Aerospace. The incident involves passenger boarding ⁣pass data ⁤for ⁤departures ‍from Dublin Airport between august‍ 1, 2024,‍ and August 31, 2025.

daa received initial notification of potential exposure on September 19, 2024, from Collins Aerospace⁤ regarding a compromise of its ‌IT systems. ‍ Subsequently, daa was informed on September 20,​ 2024, that a file containing the ‌passenger ⁤data may⁣ have been exposed online by ⁣a⁤ cybercriminal group.

Scope of the ⁢Breach

The​ compromised data specifically relates to boarding passes.At this time, daa confirms there is no evidence that its ⁣own systems were directly impacted ⁣by the breach. ⁢ The investigation ⁣is ongoing, and daa⁢ is collaborating ‌wiht⁣ the Irish Aviation Authority (IAA),⁣ the Data Protection Commission (DPC), ⁢the‍ National Cyber Security Center ⁢(NCSC), and affected airline partners.

Regulatory⁢ Response and Passenger Guidance

The Data Protection Commission (DPC)‍ has ⁣acknowledged receiving a breach notification and is actively engaging with daa to assess ‍the situation.according to ‌Deputy commissioner ⁢Graham ⁣Doyle, the DPC is working with daa on the issue.

Passengers who ​travelled through Dublin Airport in August⁢ 2024 are advised ​to remain vigilant for any unusual activity⁢ related to their⁣ bookings, but are not required⁤ to take immediate⁤ action. This includes monitoring financial accounts and being ‌cautious ⁤of phishing attempts.