Russian ransomware hackers allegedly hit Tulsa airport in cyberattack, dump private files online as proof

Qilin ransomware gang claims breach of Tulsa International Airport data
Leaked samples include executive emails, IDs, financial and governance documents
Group is major RaaS threat, breaching 1,000+ organizations in 2025, 50+ in January 2026

Russian ransomware operators Qilin have claimed to have broken into the Tulsa International Airport and stolen an unspecified amount of sensitive company data.

A report from Cybernews says the group recently added the airport to their data leak site, and included 18 samples as proof of their claims.

The researchers analyzed the samples, finding it included C-suite emails, as well as email correspondence between executives and “high-level banking officials” outside the airport. The data also apparently includes copies of employee IDs, driver’s licenses, and passports, but also annual budget and revenue spreadsheets, confidentiality and non-disclosure agreements, telehealth reports, governance meeting minutes, insurance documents, banking communications, tenant databases, vendor revenue sheets, and court case documents.

Who is Qilin?

Cybernews did not confirm or deny the authenticity of the samples that were posted, but said that they dated between 2022 and 2025, which would make them rather fresh and useful to criminals.

The Tulsa International Airport in Oklahoma is a mid-size commercial airport that handles about 80 flights a day, to more than 20 domestic destinations. Carriers include Southwest, American, Delta and United, and the airport serves more than 3 million passengers a year.

It supports a regional aviation ecosystem with thousands of employees across airlines, airport operations and on-site aerospace firms, contributing to an estimated 40,000 jobs and roughly $6 billion in annual economic impact for the area.

ransomware threats in 2026, allegedly successfully breached more than 1,000 organizations in 2025.

It is a Russian-speaking ransomware-as-a-service (RaaS) with numerous affiliates, whose identities are not known at this time. The airport is yet to make an official statement on the attack.

The best antivirus for all budgets

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!

And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.

https://cdn.mos.cms.futurecdn.net/CRRFyjRJcZe8qvwLLLssrL-2560-80.jpg

Source link

Why traditional metrics are giving CISOs a false sense of security

Top money transfer site Duc leaks user passport and driving license data info online

Regulatory whiplash: Why cyber resilience is now a governance imperative

Agentic AI: Transforming industries and tackling the interoperability imperative

Ex-Israeli Intelligence Official: Shockwaves of Trump’s “Take Over Gaza” Heard, Felt Across Region

What UK political parties are promising in the 2019 general election

Otto Warmbier’s parents want North Korea to suffer for their son’s death

Could a ‘youthquake’ cause Boris Johnson to lose the general election?

Movies Are Getting Longer. It’s Not Your Imagination.

Aragorn to Be Recast in ‘Lord of the Rings: The Hunt for Gollum’

Jessica Simpson Reacts to Rumor She's Spent $1,000 a Week on Tanning

Zendaya wears something blue for premiere amid wedding rumors

I helped build Uber and Discord and now my tools help fuel billion-dollar unicorns. But Silicon Valley is losing the AI race to itself

Senators urge Trump to bar Chinese automakers from building cars in US

AI adoption isn’t the hard part, it’s building employee agency

Deepseek’s V4 model will run on Huawei chips, The Information reports

The YouTuber who has become one of Gen Z’s most beloved celebrities

26 last-minute holiday gifts that are still thoughtful and unique

Practicing gratitude regularly can make you less stressed and sleep better

8 things millennials wish you would just stop getting them for the holidays