- Qilin ransomware gang claims to have breached Tulsa International Airport data
- The leaked samples include executive emails, IDs, and financial and government documents.
- The group is a major RaaS threat: it will breach more than 1,000 organizations in 2025 and more than 50 by January 2026.
Russian ransomware operators Qilin claimed to have broken into Tulsa International Airport and stolen an unspecified amount of sensitive company data.
a report of cyber news says the group recently added the airport to its data breach site and included 18 samples as proof of its claims.
Investigators analyzed the samples and found they included emails from senior management, as well as email correspondence between executives and “high-level bank officials” outside the airport. The data also apparently includes copies of employee IDs, driver’s licenses, and passports, but also annual income and budget spreadsheets, confidentiality and nondisclosure agreements, telehealth reports, government meeting minutes, insurance documents, bank communications, tenant databases, provider income sheets, and court case documents.
Who is Qilin?
cyber news He neither confirmed nor denied the authenticity of the published samples, but said they dated between 2022 and 2025, which would make them fairly recent and useful to criminals.
Tulsa International Airport in Oklahoma is a mid-sized commercial airport that handles about 80 daily flights to more than 20 domestic destinations. Airlines include Southwest, American, Delta and United, and the airport serves more than 3 million passengers annually.
It supports a regional aviation ecosystem with thousands of employees across airlines, airport operations and on-site aerospace companies, contributing to approximately 40,000 jobs and approximately $6 billion in annual economic impact for the area.
Qilin was first detected four years ago and has since risen through the ranks to become one of the biggest ransomware threats in 2026, and reportedly successfully breached over 1,000 organizations in 2025.
It is a Russian-speaking Ransomware as a Service (RaaS) with numerous affiliates, whose identities are unknown at this time. The airport has not yet made an official statement about the attack.
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds. Be sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp also.
