Ransomware victim disclosure
← All victimsKenya Airways
Claimed by Ransomexx · listed 3 years ago
Status timeline
- ListedDec 30, 2023
- Data leakeddate unknown
At a glance
About the victim
AI dossier — public-source company profileKenya Airways Ltd. is the flag carrier airline of Kenya, founded in 1977 following the dissolution of East African Airways. Headquartered in Embakasi, Nairobi, with its main hub at Jomo Kenyatta International Airport, it operates regional and international flights across Africa, Europe, Asia, and the Americas.
- Industry
- Air Transportation
- Address
- Embakasi, Nairobi, Kenya
- Founded
- 1977
Attack summary
Severity: high — Confirmed exfiltration of sensitive PII at scale (staff records, passport data) combined with operational data (accident records) from a critical infrastructure operator (national flag carrier). Data publication without ransom demand suggests real breach.Ransomexx claims to have exfiltrated data from Kenya Airways including accident records, staff IDs, personnel files, passport information, and staff death records. The group has published data but no ransom demand is stated.
Data the group says was taken
AI dossier — extracted from the leak post- Accident records
- Staff IDs
- Personnel files
- Passport information
- Staff death records
What the group claims
Kenya Airways Ltd., more commonly known as Kenya Airways, is the flag carrier airline of Kenya. The company was founded in 1977, after the dissolution of East African Airways. Its head office is located in Embakasi, Nairobi, with its hub at Jomo Kenyatta International Airport. Accidents, IDs, cases, passports, staff death, etc.
Sources
Source
Indexed 3 years agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

