Have you asked Ryanair for compensation? Your bank details could now be for sale

Published: 28 April 2026
Last updated: 29 April 2026
Ryanair airline
Photo by Ian Waldie/Getty Images.
Listen to this article

A threat actor claims to have breached Ryanair, and flight compensation data is now circulating on underground cybercrime forums.

Many passengers seek compensation for flight delays, which is guaranteed by EU regulations.

While receiving a decent sum for the inconvenience is pleasing, submitting your data to airlines’ systems might pose additional risks. Especially, as compensation claims often require submitting an extensive amount of personal data.

ADVERTISEMENT

That might be the case with current hacker claims on a well-known underground forum. Attackers allege that they have targeted Ryanair, an Irish ultra-low-cost airline and Europe's largest carrier by passenger numbers.

While the airline has not confirmed the incident at the time of writing, the exposed data suggests potential access to sensitive internal systems.

The claims were first flagged by cybersecurity monitoring publication Daily Dark Web. The alleged attacker shared a data sample along with their listing.

Judging from the provided screenshots, the data may be from the company’s internal legal email system and its flight compensation and ticketing systems.

Court documents allegedly leaked

One portion of the leak resembles structured records from an internal legal correspondence or case management platform.

The exposed data includes:

ADVERTISEMENT
  • Email subjects, bodies, and timestamps
  • Sender and recipient details (including CC and BCC)
  • Attached court documents and associated storage links
  • Case references tied to legal proceedings
  • Court deadlines and procedural notes

In one example, an email references defense deadlines and an “OPS spreadsheet,” hinting at internal workflows used to track legal operations.

Mentions of specific cases and court timelines suggest this system may be used to coordinate active litigation.

Flight information for sale

Another data sample is way more sensitive. It’s a dump from what appears to be a legal claims management platform handling air passenger compensation cases for flight delays and cancellations under EU Regulation 261/2004.

Sample entries reference flights across major European routes, including Paris Beauvais, Bologna, Barcelona, and Cagliari.

If authentic, the exposed records include:

  • Full names, customer IDs
  • Lawyer names and email addresses
  • IBANs, SWIFT codes, bank names, payment identifiers
  • Flight numbers, routes, airports, and travel dates
  • Legal references, decision numbers, procedural details
  • References to "Inhouse Team Ryanair (ITA)", organization IDs, and descriptions

Cybernews has reached out to Ryanair for comment, but a response has not yet been received.

Record-breaking months of aviation breaches

ADVERTISEMENT

The aviation sector has been increasingly targeted by cybercriminals. Through 2025 and the first half of 2026, multiple airlines and aviation suppliers were hit by cyberattacks, exposing millions of passenger records and disrupting airport operations.

In June 2025, Canada's WestJet confirmed a breach that would eventually see 1.2 million American customers notified that their data had been stolen. That same month, Hawaiian Airlines was knocked offline in a suspected ransomware strike that took down internal network systems.

In September of the same year, the J Group ransomware crew claimed German aviation firm FAI, leaking nearly 3TB of sensitive data that included employee records and medical files.

jurgita justinasv Izabelė Pukėnaitė vilius Ernestas Naprys Gintaras Radauskas
Don't miss our latest stories on Google News. Add us as your Preferred Source on Google
Follow us

Weeks later, the Everest ransomware group took credit for breaching Collins Aerospace and its MUSE check-in platform. The attack rippled across European airports, disrupting services.

October brought American Airlines into the crosshairs via the Clop-Oracle attack spree, and by November, Spain's flagship carrier Iberia was confirming a breach of its own, with threat actors claiming access to 77GB of stolen data.

By the beginning of 2026, the attacks had not slowed down. The Qilin ransomware gang came out swinging in January, claiming a breach of Tulsa International Airport and leaking internal data.

In February, Qilin was back, this time targeting Malaysia Airlines in yet another claimed compromise.

Paulina Okunytė
Paulina Okunytė
Journalist

Paulina Okunytė is a journalist at Cybernews. Paulina is a journalist who covers breaking news, focusing on science and exclusive cybersecurity research. She has covered major data leaks at big corporations and financial institutions affecting billions of people. Before joining Cybernews, she reported on NFTs, blockchain, and cryptocurrencies and worked with tech startups. Paulina holds a double major in Cultural History and Anthropology, and Multimedia Design. Follow Paulina for continued coverage of science breakthroughs, exclusive research and tech experiments.

ADVERTISEMENT

Unlock more exclusive Cybernews content on YouTube.

Share
Post
Share
Share
Share
More from Cybernews
Companies using Fable 5 beware: it’s collecting your data, and there are no exceptions
World’s leading mathematicians ridicule AI hype in high-IQ declaration
Democrats are far more worried than Republicans that AI will take jobs, new poll finds
Europe’s tech revolution feels like Soviet déjà vu
New York demands advertisers use “synthetic performer” label or else
The surprising way Elon Musk is powering your next holiday flight
ADVERTISEMENT
Leave a Reply

Your email address will not be published. Required fields are markedmarked