A data security breach at one of Dublin Airport’s key suppliers has compromised the passenger details of potentially millions of people who used the airport in August, The Irish Times has learned.
Boarding pass information for the airport may have been published online by what DAA – the authority that manages Dublin and Cork airports – described as a “cyber-criminal group”.
The authority said that while “passengers who travelled in August do not need to take any immediate action, [they] should remain alert to any unusual activity related to their bookings”.
An investigation is ongoing.
READ MORE
It is understood details of the security breach first emerged when DAA was notified by Collins Aerospace on September 18th of a compromise of its IT systems.
One of the files on the compromised server contained passenger boarding-pass data from August 1st to 31st, 2025.
The authority made an initial report to the Data Protection Commission (DPC) on September 19th. Last Friday, October 17th, the authority was told the information had potentially been exposed online by a cyber-criminal group.
DAA confirmed to The Irish Times it is “aware of a data security incident involving a third-party supplier, Collins Aerospace”.
A spokesman said the “matter is under active investigation and we are working closely with our regulators”. The organisations it is working with include the Irish Aviation Authority, the DPC, the National Cyber Security Centre and affected airline partners.
The spokesman added: “At this time, there is no evidence of any direct impact on DAA systems. Passengers who travelled in August do not need to take any immediate action but should remain alert to any unusual activity related to their bookings.”
Airlines that use Dublin Airport have begun communicating with their customers who departed from the airport in August.
An email from Swedish airline SAS, sent this week, said: “We were recently informed by Dublin Airport that an unauthorised party gained access to certain passenger data related to flights departing from the airport during that period. This means that your booking details may be among the information that was affected.
“The affected files included your booking reference, first name, last name and Frequent Flyer Number. Based on this information, it is possible that other details connected to your booking – such as contact information and travel itinerary – could have been accessed. It is possible that this information may be leaked to the public by the unauthorised party.”
SAS added that it has reported the incident to the Swedish Authority for Privacy Protection and was “following up closely together with Dublin Airport to manage the situation and protect our customers’ information”.
