Ransomware victim disclosure
← All victimsAeroméxico
Claimed by Hunters International · listed 9 months ago
Status timeline
- ListedOct 3, 2025
- Data leakeddate unknown
At a glance
- Status
- Data leaked
- Country
- Mexico
- Sector
- Transportation/Logistics
- Listed on leak site
- Oct 3, 2025
About the victim
AI dossier — public-source company profileAeroméxico is Mexico's flag carrier airline, founded in 1934 and headquartered in Mexico City. It operates scheduled passenger and cargo services to more than 90 destinations across Mexico, the Americas, the Caribbean, Europe, and Asia. Its primary hub is Mexico City's Benito Juárez International Airport, with secondary hubs in Guadalajara and Monterrey.
- Industry
- Commercial Aviation / Airline
- Address
- Paseo de la Reforma 445, Cuauhtémoc, 06500 Ciudad de México, CDMX, Mexico
- Employees
- 10000+
- Founded
- 1934
Attack summary
Severity: high — Aeroméxico is a major international flag carrier with millions of passengers; data_published status confirms exfiltration has occurred and data has been released, likely containing PII (passenger and employee records) and sensitive business data, affecting a critical transportation operator at national scale.Hunters International claims to have attacked Aeroméxico and has published data (disclosed status: data_published), indicating exfiltration of company data. The specific volume of data and whether encryption was also performed are not detailed in the post.
Data the group says was taken
AI dossier — extracted from the leak post- Airline operational data
- Employee records
- Passenger/customer data
- Corporate documents
Original description
AI-summarised, not from the leak postAeroméxico is Mexico's flag carrier and a major international airline. Established in 1934, it operates scheduled services to more than 90 destinations in Mexico; North, South, and Central America; the Caribbean; Europe; and Asia. Its main hub is in Mexico City, with secondary hubs in Guadalajara and Monterrey. Aeroméxico is known for its high-quality services, including in-flight entertainment and meals.
Source
Indexed 9 months agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

