- Qilin Ransomware Gang Claims Tulsa International Airport Data Breach
- The leaked samples include executive emails, identification documents, financial and governance documents.
- The group poses a major RaaS threat, with breaches in more than 1,000 organizations in 2025, and more than 50 in January 2026.
Russian Qilin ransomware operators claimed to have broken into Tulsa International Airport and stolen an unspecified amount of sensitive company data.
A report of Cybernews claims the group recently added the airport to its data leak site and included 18 samples as proof of its claims.
Researchers analyzed the samples and found they included emails from senior executives, as well as email correspondence between executives and “high-level banking officials” outside the airport. The data also apparently includes copies of employee ID cards, driver’s licenses and passports, but also budget and annual revenue spreadsheets, confidentiality and non-disclosure agreements, telehealth reports, governance meeting minutes, insurance documents, banking communications, tenant databases, vendor revenue sheets and court documents.
Who is Qilin?
Cybernews did not confirm or deny the authenticity of the samples posted, but said they were dated between 2022 and 2025, which would make them rather recent and useful to criminals.
Tulsa International Airport, Oklahoma, is a mid-sized commercial airport that handles approximately 80 flights per day to more than 20 domestic destinations. Carriers include Southwest, American, Delta and United, and the airport serves more than 3 million passengers annually.
It supports a regional aviation ecosystem with thousands of employees in airlines, airport operations and on-site aerospace companies, contributing to approximately 40,000 jobs and an annual economic impact of approximately $6 billion for the region.
Qilin was first spotted four years ago and has since risen through the ranks to become one of the biggest ransomware threats in 2026, having allegedly managed to hack over 1,000 organizations in 2025.
This is a Russian-speaking ransomware-as-a-service (RaaS) with numerous affiliates, whose identities are not known at this time. The airport has not yet made an official statement on the attack.
The best antivirus for every budget
Follow TechRadar on Google News And add us as your favorite source to get our news, reviews and expert opinions in your feeds. Make sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp Also.
