August boarding pass details compromised in cyberattack on third-party IT supplier Collins Aerospace
A major data breach at Dublin Airport has potentially exposed the personal information of hundreds of thousands of passengers who traveled through the facility in August, when 3.8 million people passed through the airport.
The security incident targeted Collins Aerospace, a third-party IT supplier providing services to airport operator DAA, rather than Dublin Airport’s core systems directly. However, the supply chain breach is being treated as a serious security threat by authorities.
The compromised data file contained boarding pass details for all departures from Dublin Airport between August 1 and August 31, 2025. DAA was notified last Friday that this data, stored on a Collins Aerospace server, may have been exposed online by a cybercriminal group. The airport operator has not yet disclosed specifically what types of personal information were included in the leak.
DAA filed an initial report with the Data Protection Commission on September 19 following notification of the Collins Aerospace system breach. A DAA spokesperson confirmed the incident is “under active investigation,” with the airport working closely with regulatory bodies including the Irish Aviation Authority, Data Protection Commission, and National Cyber Security Centre, as well as affected airlines.
“Current evidence suggests that there has been no direct impact on DAA’s own systems,” the spokesperson stated.
Passengers who traveled through Dublin in August are advised to remain vigilant for unusual activity, calls, or messages related to their travel bookings, though DAA stressed travelers should not be immediately alarmed.
Data Protection Commission Deputy Commissioner Graham Doyle confirmed his office is working with DAA to investigate the matter further.