What Happened
In November 2025, a threat actor known as “888” claimed responsibility on a dark-web forum for breaching Ryanair, allegedly leaking sensitive operational data including customer email addresses, ticket bookings, passenger names (ticket claimants), travel destinations, flight numbers, outbound flight schedules, and internal communications between operational teams. Cybersecurity analysts deemed the shared dataset samples highly credible, though Ryanair has not confirmed the incident and no official validation or number of affected records has been disclosed. The potential exposure raises risks of phishing, fraudulent booking changes, identity theft, and operational transparency issues for the airline.
