A threat actor has allegedly put a database containing 2 million lines of data belonging to Helity Copter Airlines up for sale on a dark web forum. Helity is a Spanish airline founded in 2014, notable for being the first to operate a regular helicopter transport line between the autonomous city of Ceuta and mainland Spain, specifically Algeciras and Málaga. The airline serves as a crucial transportation link for passengers and cargo in the Strait of Gibraltar region.
The threat actor shared samples of the compromised data, which appears to contain a vast amount of sensitive user and operational information. The breach allegedly exposes significant personal identifiable information (PII) of customers and internal company data. If confirmed, this incident could pose serious privacy risks to the airline’s passengers and operational challenges for the company. The sale of such a large database on the dark web could lead to various malicious activities, including identity theft, phishing campaigns, and other forms of fraud targeting the individuals whose data has been exposed.
Based on the samples provided by the seller, the allegedly leaked data includes:
- User account details: Usernames, email addresses, password hashes, names, surnames, and phone numbers.
- Booking information: Full names, addresses, postcodes, cities, provinces, countries, and identification numbers.
- Flight and passenger records: Contact details for bookings, passenger names, identification numbers, birthdates, and ticket details.
