A hacker has claimed responsibility for stealing a massive amount of personal data from Uzbekistan Airways, an international airline. The stolen information is said to include details of passengers, airline staff, and even employees of U.S. government agencies.
The hacker, who calls themselves “ByteToBreach,” posted about the breach on a dark web forum. The post quickly gained attention because it allegedly included sensitive documents such as scans of passports, identity cards, and other private information from people across many countries.
Straight Arrow News reviewed samples of the leaked material. The evidence suggests that the hacker may have stolen hundreds of thousands of records. This includes not only basic details such as email addresses and phone numbers, but also highly sensitive files that could be misused for crimes like fraud and identity theft.
Passports, IDs, and government emails found in leaked files
According to the hacker’s claims, the stolen database is around 300 gigabytes in size. It reportedly contains email addresses of over 500,000 passengers and about 400 airline employees. A list shared from the data also showed more than 285 emails belonging to airline staff.
But the most worrying part of the leak is the exposure of government email addresses. The stolen records reportedly include addresses linked to U.S. agencies such as the State Department, Department of Energy, Customs and Border Protection, Transportation Security Administration, and Immigration and Customs Enforcement.
The hacker also claimed to have obtained personal documents of travelers from more than 40 countries. Samples shared with reporters included 2,626 photos of identifying documents such as passports, ID cards, marriage licenses, and even birth certificates. Disturbingly, some of the passports belonged to babies and young children.
🧑💻 Hackers weaponize CAPTCHA — millions lost as Lumma Stealer spreads worldwide
Scans of 75 passports were reportedly among the leaked files. These came from people in the U.S., Russia, Israel, the U.K., South Korea, and several other countries. Hackers often sell such documents on underground markets, where they can be used to create fake identities or commit financial fraud.
One of the files contained a list of more than 379,000 loyalty program members. This exposed details such as names, genders, dates of birth, nationalities, phone numbers, and member IDs. Such detailed personal information can make people easy targets for phishing attacks, where cybercriminals try to trick victims into sharing even more information or clicking harmful links.
Hacker demands payment, airline denies breach
The hacker claimed to have contacted Uzbekistan Airways directly. Screenshots of emails shared with journalists showed the hacker asking the airline for 150,000 euros (about $176,000) in bitcoin. The demand was made in exchange for not selling the stolen data to other buyers.
In one of the alleged email exchanges, the hacker attached ID documents said to have been taken from the airline’s Amazon cloud storage server. The message warned the airline to consult its public relations team and lawyers before deciding whether to pay.
Despite these claims, Uzbekistan Airways has denied the breach. In a statement posted on its website, the airline said there had been no “unauthorized access” to its systems or compromise of personal data. The company suggested that the data samples could have been “artificially generated” using modern technology to create a false impression of a hack.
How Cyber Attacks on Industrial Control Systems Can Endanger Lives ?
The airline urged media outlets not to spread unverified claims, arguing that doing so could harm its reputation.
However, cybersecurity experts say the truth will only become clear after further investigation. Hackers are sometimes known to exaggerate or fabricate data leaks, while companies often deny breaches to protect their image.
Straight Arrow News reported that some travelers confirmed their personal information matched the leaked data. This raises further questions about whether the airline’s denial will hold up under scrutiny.
