- Qilin ransomware gang claims Tulsa International Airport data breach
- Leaked samples include management emails, IDs, financial and governance documents
- The group is a major RaaS threat, breaching 1,000+ organizations by 2025, 50+ by January 2026
Russian ransomware operators Qilin have claimed to have broken into Tulsa International Airport and stolen an unspecified amount of sensitive corporate data.
A report from Cyber news says the group recently added the airport to their data leak site and included 18 samples as proof of their claims.
The researchers analyzed the samples and found they included C-suite emails as well as email correspondence between executives and “senior bank officials” outside the airport. The data also apparently includes copies of employee IDs, driver’s licenses and passports, but also annual budget and revenue spreadsheets, confidentiality and non-disclosure agreements, telehealth reports, government meeting minutes, insurance documents, bank communications, tenant databases, vendor revenue sheets and court documents.
Who is Qilin?
Cyber news neither confirmed nor denied the authenticity of the samples posted, but said they dated between 2022 and 2025, which would make them fairly fresh and useful to criminals.
Tulsa International Airport in Oklahoma is a medium-sized commercial airport that handles about 80 flights per day to more than 20 domestic destinations. Airlines include Southwest, American, Delta and United, and the airport serves more than 3 million passengers a year.
It supports a regional aviation ecosystem with thousands of employees across airlines, airport operations and on-site aerospace companies, contributing to an estimated 40,000 jobs and about $6 billion in annual economic impact for the area.
Qilin was first discovered four years ago and has since moved up the ranks to become one of the top ransomware threats in 2026, reportedly breaching more than 1,000 organizations by 2025.
It is a Russian-speaking ransomware-as-a-service (RaaS) with several affiliates whose identities are not known at this time. The airport has not yet issued an official statement about the attack.
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds. Be sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, video unboxings, and get regular updates from us on WhatsApp also.
