Dublin Airport Data Breach Exposes 3.8 Million Passengers in Collins Aerospace Hack

Breached Company

26 Oct 2025 — 7 min read

Breaking: Third-Party Supplier Breach Compromises Boarding Pass Data for Entire Month of August 2025

October 26, 2025 - Dublin Airport has confirmed a significant data breach affecting potentially all 3.8 million passengers who traveled through the Irish capital's terminals during August 2025, following a cyberattack on aviation technology supplier Collins Aerospace. The incident represents the latest casualty in what has become an unprecedented year of aviation sector cybersecurity failures.

The Breach Timeline

The DAA (Dublin Airport Authority), which operates both Dublin and Cork airports, first learned of the compromise on September 18, 2025, when Collins Aerospace notified them of a breach affecting its IT systems. By September 19, intelligence gathered by airport authorities indicated that boarding pass information for all flights departing Dublin Airport from August 1-31, 2025, had been published online by a cybercriminal group.

During August alone, Dublin Airport processed 3,784,759 passengers across more than 110,000 daily passenger movements, with 21 days exceeding 120,000 passengers. All of their boarding pass data is now considered compromised.

What Data Was Exposed

According to notifications sent to affected passengers by airlines including Swedish carrier SAS, the compromised data includes:

Passenger booking references
First and last names
Frequent flyer numbers
Contact information (email addresses and phone numbers)
Travel itineraries
Potentially other booking-related data

Critically, the breach did not involve passport information, payment card details, or other financial data. However, the exposed information provides sufficient detail for sophisticated phishing campaigns, social engineering attacks, and identity theft operations.

The Collins Aerospace Connection

This Dublin Airport breach is directly linked to the devastating Collins Aerospace ransomware attack that crippled multiple European airports in September 2025. Collins Aerospace's MUSE (Multi-User System Environment) software—which powers check-in and boarding operations at approximately 170 airports globally—fell victim to HardBit ransomware on the night of September 19, 2025.

As we reported in our comprehensive breakdown of the Collins Aerospace cyberattack, the attack forced major airports including London Heathrow, Brussels Airport, and Berlin Brandenburg to revert to manual check-in procedures. Dublin Airport was particularly hard hit, with officials confirming they had to rebuild servers "from scratch" with no clear timeline for resolution.

Intelligence analysis suggests the attack may have originated through Collins Aerospace's European data center in Cork, Ireland, with the breach beginning at 22:45 GMT on September 19 through phishing vectors disguised as RTX firmware updates.

Regulatory Response

The DAA immediately reported the breach to multiple authorities on Friday, September 19, 2025:

Data Protection Commission (DPC): Ireland's data privacy regulator opened an investigation
Irish Aviation Authority: Notified for aviation safety and operational security concerns
National Cyber Security Centre: Engaged for cybersecurity threat assessment

Graham Doyle, Deputy Commissioner at the Data Protection Commission, confirmed the agency is "engaging with daa" on the matter and conducting a full investigation into the breach's scope and impact.

Aviation Under Siege in 2025

The Dublin Airport breach is far from an isolated incident. The aviation industry has experienced a catastrophic year of cyberattacks, with the sector witnessing a staggering 600% increase in cyber-attacks from 2024 to 2025.

Major 2025 Aviation Breaches

As detailed in our Aviation Under Siege report, the industry has faced multiple devastating attacks:

Qantas Airways (July 2025): Australia's flagship carrier confirmed that 5.7 million customer records were compromised after hackers breached a third-party Salesforce platform. The Scattered Lapsus$ Hunters cybercriminal coalition launched a darknet leak site on October 3, publicly listing 39 companies and threatening data releases unless ransoms were paid.

Envoy Air - American Airlines (August 2025): The regional carrier subsidiary was hit by the Clop ransomware gang exploiting an Oracle E-Business Suite zero-day vulnerability (CVE-2025-61882) with a critical CVSS score of 9.8.

Aeroflot (July 2025): Russia's flag carrier was forced to cancel over 100 flights after pro-Ukrainian hacker group Silent Crow claimed a year-long infiltration that destroyed 7,000 servers and extracted 12TB of databases, 8TB of files, and 2TB of corporate emails.

Kuala Lumpur International Airport (March 2025): KLIA faced a crippling cyberattack with hackers demanding a $10 million ransom, demonstrating that airport infrastructure itself has become a prime target for cybercriminals.

The Single Point of Failure Problem

The Dublin Airport incident exemplifies a critical vulnerability in modern aviation infrastructure: over-reliance on centralized technology providers. When Collins Aerospace's MUSE system was compromised, the cascading effects impacted dozens of airports simultaneously across multiple countries.

As we explored in our analysis of when the skies went dark, this architectural weakness creates what cybersecurity experts call "single points of failure" where one successful attack can cascade across multiple airports and airlines, affecting thousands of flights and millions of passengers.

The European Union Agency for Cybersecurity (ENISA) confirmed the Collins Aerospace incident was caused by ransomware, part of a broader pattern where criminal organizations specifically target supply chain providers to maximize impact. As detailed in our after-weekend update, this represents a fundamental shift in threat actor strategy.

Passenger Impact and Recommendations

Immediate Risks

Passengers who traveled through Dublin Airport in August 2025 face several immediate risks:

Targeted Phishing Campaigns: Cybercriminals can use booking references and travel itineraries to craft highly convincing phishing emails claiming to be from airlines or airports.
Social Engineering Attacks: With full names, contact information, and travel patterns, attackers can impersonate airline customer service representatives or conduct sophisticated phone-based scams.
Frequent Flyer Account Takeover: Exposed frequent flyer numbers could enable unauthorized access to loyalty program accounts, potentially allowing theft of miles or points.
Secondary Attacks: The compromised data provides intelligence for subsequent attacks, such as targeting business travelers with fake travel disruption notifications.

What Passengers Should Do

The DAA has stated that "passengers who travelled in August do not need to take any immediate action but should remain alert to any unusual activity related to their bookings." However, cybersecurity experts recommend more proactive measures:

Immediate Actions:

Monitor frequent flyer accounts for unauthorized activity
Be extremely cautious of unsolicited communications claiming to be from airlines
Verify any travel-related notifications through official airline channels
Enable multi-factor authentication on all travel-related accounts
Consider changing passwords for airline loyalty programs

Ongoing Vigilance:

Watch for phishing emails referencing your August travel dates or destinations
Be suspicious of phone calls requesting booking verification
Review credit reports for any unusual activity
Report suspicious communications to your airline and local authorities

Industry-Wide Failure to Learn

Perhaps most damning is that the Collins Aerospace attack—and by extension the Dublin Airport data breach—occurred just two months after the CrowdStrike incident provided a clear warning about aviation's digital vulnerabilities. The industry's failure to implement lessons learned transformed what should have been a manageable incident into a multi-day, multi-billion-euro disaster.

Key failures identified include:

No rapid rollback mechanisms for critical third-party systems
Inadequate manual backup procedures for full-scale operations
Incomplete or ineffective supply chain security audits
Failure to improve offline resilience despite clear warning signs

The Smart Airport Security Challenge

The aviation sector's digital transformation has created both opportunities and vulnerabilities. Modern "smart airports" leverage advanced technologies to enhance passenger experience and operational efficiency, but as this incident demonstrates, they also create expanded attack surfaces.

With cyber-attacks on aviation rising by 131% between 2022 and 2023, and accelerating further in 2024-2025, the need for comprehensive, sector-wide security improvements has never been more urgent. The Transportation Security Administration (TSA) has implemented new cybersecurity amendments specifically targeting the aviation sector, requiring enhanced security measures and incident reporting protocols, but implementation remains inconsistent across the industry.

Financial and Reputational Impact

While the full financial impact of the Dublin Airport breach remains unclear, precedents suggest severe consequences:

The 2023 average cost of cyber data breaches reached $4.45 million, not including reputational damage
Delta Airlines reported $550 million in losses from the CrowdStrike incident alone
The Collins Aerospace attack affected stock prices and insurance premiums across the aviation sector
Legal costs, regulatory fines, and customer compensation programs will likely total tens of millions

For Dublin Airport specifically, the breach comes at a critical time when the facility was experiencing record passenger volumes and expanding operations.

Looking Forward: Lessons and Reforms

The Dublin Airport breach, combined with the broader pattern of 2025 aviation cyberattacks, demands urgent industry-wide reforms:

Immediate Priorities

Vendor Security Assessments: Mandatory comprehensive security audits of all critical technology providers
System Diversification: Reduce single points of failure through vendor diversification and redundant systems
Incident Response Planning: Develop and regularly test comprehensive business continuity plans
Supply Chain Security: Implement zero-trust architectures for third-party integrations
Offline Capabilities: Maintain viable manual fallback procedures for essential functions

Regulatory Evolution

The incident will likely accelerate calls for stricter cybersecurity standards and mandatory incident reporting, with the global aviation cybersecurity market projected to reach $5.32 billion in 2025, growing at 8.7% annually through 2029.

The European Union's NIS2 Directive and Digital Operational Resilience Act (DORA) are coming into full effect, imposing stringent new requirements for cybersecurity, incident reporting, and supply chain risk management—requirements that this incident proves are desperately needed.

Conclusion

The Dublin Airport data breach affecting 3.8 million passengers represents a troubling milestone in aviation cybersecurity. It demonstrates how a single compromised vendor can expose millions of travelers' personal information and highlights the aviation industry's dangerous over-reliance on centralized systems without adequate security controls or backup procedures.

As passengers and airlines grapple with the immediate fallout, the broader lesson is clear: digital transformation without corresponding security investment creates catastrophic vulnerabilities. The aviation sector must move beyond treating cybersecurity as an IT issue and recognize it as a fundamental business and safety concern.

The alternative—as millions of affected passengers can now attest—is an industry increasingly vulnerable to disruption in an interconnected world where the skies are no longer the limit for cyber warfare.

For more cybersecurity news and analysis, visit Breached.Company

Keywords: Dublin Airport data breach, Collins Aerospace hack, aviation cybersecurity, airline data breach 2025, Irish airport cyberattack, passenger data compromise, MUSE software ransomware, European airport security