The Everest ransomware group, notorious for its cybercriminal activities, has reportedly leaked a database purportedly belonging to AT&T Carrier, the official recruitment platform for the telecommunications giant. This platform is primarily used by applicants and employees for job applications, resume submissions, and managing career information.
In a further unsettling development, the group is allegedly offering sensitive data concerning 1.5 million Dublin Airport passengers for a price tag of $1 million, alongside the personal information of 18,000 Air Arabia employees listed for $2 million. These revelations pose significant threats to the privacy of numerous individuals associated with these organizations.
AT&T Carrier Database
The attack came to light on October 21, 2025, when Hackread.com reported that the group claimed to have compromised AT&T Carrier’s database. This database allegedly includes personal details of over half a million individuals, primarily comprising recruitment and employee records rather than customer information. The group issued an ultimatum to AT&T, demanding that the company respond within six days or face the ramifications of data exposure, which took place on the deadline day.
Analysis of the leaked information revealed the presence of two CSV files, identified as user_list and customer_list. The user_list file reportedly contains personal data—such as email addresses, full names, and phone numbers—of 429,103 individuals. Meanwhile, the customer_list includes similar information for 147,621 individuals. Despite reaching out for comment, AT&T has not yet responded to inquiries.
Dublin Airport Passenger Data
On October 25, 2025, the Everest group also implicated Dublin Airport as a victim, offering a dataset reportedly containing data on 1.5 million passengers. Within six days, the group threatened to publish this data if their demands were not met. A subsequent shift in their strategy appeared to shorten the timeline, with a new price of $1 million for the passenger dataset. The data allegedly encompasses crucial details, including flight dates, passenger IDs, and travel classes, all of which could be valuable for malicious actors.
The Irish media has corroborated the occurrence of this cyberattack, further emphasizing the potential scale of the breach and its impact.
Air Arabia Employee Data
Furthermore, the Everest ransomware group claims to have breached the records of 18,000 employees from Air Arabia, a budget airline based in the UAE. The stolen data reportedly merges personal and corporate information, which presents serious risks for identity fraud and impersonation. This tranche of data is purportedly being offered for $2 million, casting a wider net for malicious exploitation.
The compromised records are said to encompass various employee identifiers and organizational details that could facilitate targeted attacks, such as phishing or social engineering efforts. The breadth of the data underscores the urgency for robust cybersecurity measures and response strategies, particularly for organizations in high-risk sectors.
The claims made by the Everest group indicate an escalation in cyber threats faced by large corporations, with both AT&T and Air Arabia yet to respond adequately. While the authenticity of the stolen data remains to be confirmed, the implications for employees and passengers are significant. Organizations must stay vigilant and enhance their cybersecurity frameworks to counteract evolving threats in the digital landscape.
