Irish authorities are scrambling to assess the fallout from a cyber-breach at Collins Aerospace, the third-party provider that prints and encodes boarding cards for Dublin and Cork airports. Collins confirmed on 27 October that a criminal ransomware gang posted files containing booking references, names and frequent-flyer numbers belonging to passengers who travelled through the two Irish hubs in August. The Dublin Airport Authority (DAA) stressed that its own IT systems were not penetrated and flight operations remain normal, but admitted “potentially millions” of people could be affected.
While no financial details or passports appear to have been leaked, security analysts warn that booking references can be paired with publicly available information to create convincing phishing scams or fraudulent itinerary changes. Swedish carrier SAS has already emailed customers urging vigilance, highlighting how deeply international airlines rely on Irish airport infrastructure to move passenger data securely.
Under the EU’s Network & Information Security (NIS2) Directive—which took effect in Ireland this month—airport operators face tighter incident-reporting deadlines and steeper fines for lapses in vendor oversight. DAA says it has notified the Data Protection Commission and hired forensic specialists to trace exactly what files left Collins’ network. If investigators determine that inadequate contractual safeguards were in place, Dublin Airport could still face regulatory penalties despite its own systems remaining untouched.
For global-mobility managers the breach is a reminder that advance passenger data now travels through a complex mesh of airlines, airports and service partners. Employers have begun advising staff who flew via Dublin or Cork in late summer to reset loyalty-programme passwords, watch for social-engineering calls purporting to reissue tickets, and file credit-monitoring alerts if unusual activity surfaces. Because Collins Aerospace also prints cards for other European gateways, experts fear the compromise could reverberate across multiple jurisdictions.
While no financial details or passports appear to have been leaked, security analysts warn that booking references can be paired with publicly available information to create convincing phishing scams or fraudulent itinerary changes. Swedish carrier SAS has already emailed customers urging vigilance, highlighting how deeply international airlines rely on Irish airport infrastructure to move passenger data securely.
Under the EU’s Network & Information Security (NIS2) Directive—which took effect in Ireland this month—airport operators face tighter incident-reporting deadlines and steeper fines for lapses in vendor oversight. DAA says it has notified the Data Protection Commission and hired forensic specialists to trace exactly what files left Collins’ network. If investigators determine that inadequate contractual safeguards were in place, Dublin Airport could still face regulatory penalties despite its own systems remaining untouched.
For global-mobility managers the breach is a reminder that advance passenger data now travels through a complex mesh of airlines, airports and service partners. Employers have begun advising staff who flew via Dublin or Cork in late summer to reset loyalty-programme passwords, watch for social-engineering calls purporting to reissue tickets, and file credit-monitoring alerts if unusual activity surfaces. Because Collins Aerospace also prints cards for other European gateways, experts fear the compromise could reverberate across multiple jurisdictions.
