Ransomware victim disclosure
← All victimsBerjaya Air
listed as berjaya-air.com · Claimed by LockBit · listed 7 months ago
Status timeline
- ListedDec 7, 2025
- Data leakeddate unknown
At a glance
- Group
- LockBit
- Status
- Data leaked
- Country
- Malaysia
- Sector
- Transportation/Logistics
- Listed on leak site
- Dec 7, 2025
About the victim
AI dossier — public-source company profileBerjaya Air is a Malaysian premium regional airline established in 1989 as part of the Berjaya Group, operating out of Subang Airport. The carrier offers scheduled flights to destinations including Redang, Koh Samui, Medan, and Singapore's Seletar Airport, alongside private charter services. The airline positions itself as a luxury travel provider with curated dining and bespoke in-flight service.
- Industry
- Regional Airline & Private Charter
- Address
- Subang Airport, Shah Alam, Selangor, Malaysia
- Founded
- 1989
Attack summary
Severity: high — Data has been confirmed published by LockBit, indicating successful exfiltration. As an airline, the breach likely involves passenger PII, booking records, and potentially financial data, representing significant sensitive business and personal data exposure.LockBit claims to have attacked Berjaya Air and has published data (disclosed status: data_published), indicating exfiltration of company data; no ransom amount or specific data volume has been stated in the post.
Data the group says was taken
AI dossier — extracted from the leak post- Company internal documents
- Passenger records (potential)
- Employee records (potential)
- Operational data
What the group claims
About Us BERJAYA AIR Established in 1989 as part of the dynamic Berjaya Group, Berjaya Air offers ex...
Sources
- Victim siteberjaya-air.com
Source
Indexed 7 months agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

