
A hacker group claims it breached British Airways’ internal systems, exposing sensitive crew and medical data that researchers warn could also reveal the airline’s operational data.
The Infrastructure Destruction Squad claimed on its Telegram channel that it had breached British Airways, the UK’s largest international airline.
“Access has been gained to servers and systems of British Airways as well as medical servers, and exposed data includes highly sensitive information,” the attackers wrote in the post.
The gang claims to have accessed the employee portal, where crew and pilots log their schedules and sick leave and submit other personal information related to their employment.
To back up its claims, the gang posted some data samples that Cybernews researchers have investigated.
Provided samples include screenshots of what appear to be the dashboards of internal British Airways systems, such as the Crew portal and the Cognito AI dashboard. Cognito AI is the platform used for data analysis.
British Airways pilot and crew data allegedly breached
The data samples provided by attackers include employee personal information and sick leave requests. However, the full dataset may also include medical data that the British Airways crew provided to the employer.
The gang indicated that it got in through a compromised employee account that granted access to the entire Admin control panel.
“Employee account could've been compromised in a variety of ways, for example via a soc. engineering attack or infostealer malware to gather credentials,” our researchers noted.
“Employees could expect more social engineering attacks and fraud attempts using their info.”
Also, the gang posted on its Telegram channel that it had compromised a British Airways data center. It provided a screenshot of a credential stuffing attack as proof.
The gang claims that the data center exposed employee sick leave requests and communication between flight crew and management.
“Such data could be used to gather more information on communication patterns, possibly how British Airways operates flights, which could lead to more operational disruptions,” our research team explained.
Cybernews has reached out to the company for confirmation, but a response has not yet been received.
British Airways has been targeted before
This alleged breach is not the first time cybercriminals have targeted the UK’s flagship airline.
In June 2023, British Airways was caught in one of the largest supply chain attacks in recent memory when the Cl0p ransomware group exploited a zero-day vulnerability in MOVEit.
The airline itself was not breached directly through the widely used file transfer tool. Instead, the attackers compromised Zellis, the airline's payroll provider, gaining access to employee data through a backdoor that researchers later discovered had been sitting undetected for two years.
The past year has not been easy for the aviation sector
The past year has been intense for airlines, with multiple threat actors targeting them worldwide.
In June 2025, attackers claimed access to Cyprus Airways’ passenger data and internal systems. In the same month, a suspected ransomware attack disrupted Hawaiian Airlines' operations.
By autumn, the Cl0p ransomware gang, infamous for the MOVEit carnage, was back, breaching American Airlines through its regional carrier Envoy Air.
A separate attack on Collins Aerospace disrupted operations across European airports, as check-in and boarding systems were down at Heathrow, Brussels, Berlin, Dublin, and Cork.
Spanish carrier Iberia also confirmed a data breach that exposed customer information. In 2026, Qilin ransomware claimed Malaysia Airlines as its victim, potentially stealing passengers’ data.
Who is behind the Infrastructure Destruction Squad?
According to cybersecurity researchers' analysis, the Infrastructure Destruction Squad (IDS) is a pro-Russian hacktivist group.
The gang, also operating under the name Dark Engine, has been present on multiple continents, with confirmed activity in the EU, Asia, and Latin America, according to cybersecurity firm Cyble.
The group has reportedly been focusing on disrupting critical infrastructure systems, particularly Industrial Control Systems (ICS), SCADA environments, water treatment facilities, and flood control mechanisms.