Ransomware victim disclosure
← All victimsFlughafen Hahn
listed as hahn-airport.de · Claimed by Safepay · listed 9 days ago
Status timeline
- ListedJul 6, 2026
- Data leakeddate unknown
At a glance
- Group
- Safepay
- Status
- Data leaked
- Country
- Germany
- Sector
- Transportation/Logistics
- Listed on leak site
- Jul 6, 2026
About the victim
AI dossier — public-source company profileFlughafen Hahn (HHN) is a commercial airport in Hahn, Germany, originally developed as a U.S. military air base and converted to civilian operations in 1993. The airport serves passenger and cargo operations, hosting airlines including Ryanair and offering standard airport services including terminal facilities, parking, and ground transportation.
- Industry
- Airport & Aviation Services
- Address
- Flughafen Hahn, Hahn, Germany
- Founded
- 1993
Attack summary
Severity: medium — Airport infrastructure compromise is operationally sensitive; however, no confirmed exfiltration of regulated data, no proof files mentioned, and no stated operational disruption in the available post excerpt. Classification reflects the critical nature of airport operations balanced against limited disclosure evidence.The SafePay group claims to have compromised Flughafen Hahn's systems. The leak post provides limited detail; the group appears to have conducted an intrusion but specific data exfiltration claims or operational impact are not detailed in the truncated excerpt.
Data the group says was taken
AI dossier — extracted from the leak post- flight operations data
- passenger/booking systems
- employee records
- airport administrative records
What the group claims
Originally developed as a United States military air base, the facility began civilian operations in 1993 and has since become …
Sources
Source
Indexed 9 days agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

