Dublin/Cork, Ireland – The exact number of passengers impacted by a significant data breach involving boarding pass information from Dublin Airport flights in August remains unconfirmed, though sources suggest it could potentially run into the hundreds of thousands.
The breach is linked to a third-party supplier, Collins Aerospace, which provides critical IT services to airport operator daa. The compromised data specifically involves boarding passes issued for departures from Dublin Airport throughout the entire month of August 2025 (August 1st to August 31st).
daa confirmed yesterday that an investigation has been launched following the discovery. The incident came to light last Friday when daa received information that a file on the compromised Collins Aerospace server may have been exposed online by a cyber-criminal group.
During August, Dublin Airport recorded a total of 3.8 million passenger journeys.
Regulatory Action and Company Response
daa first notified the Data Protection Commission (DPC) about the breach on September 19th, subsequent to being informed by Collins Aerospace about the compromise of its IT systems.
A daa spokesperson stated: “daa is aware of a data security incident involving a third-party supplier, Collins Aerospace. The matter is under active investigation, and we are working closely with our regulators (IAA, DPC & NCSC) and affected airline partners. At this time, there is no evidence of any direct impact on daa systems.”
The spokesperson advised passengers who travelled in August: “Passengers who travelled in August do not need to take any immediate action but should remain alert to any unusual activity related to their bookings.”
The DPC confirmed it is engaged with daa on the matter. Deputy Commissioner Graham Doyle stated, “I can confirm that we have received a breach notification in relation to this matter and are engaging with daa on it.”
Uncertainty Over Data Type
Crucially, the type of specific information exposed in the boarding passes has not yet been revealed. This ambiguity adds to passenger concerns, as boarding pass data can sometimes contain details relevant for identity theft or travel-related fraud.
The investigation is ongoing to determine the full scope and nature of the exposed data.
