The Namibia Airports Company (NAC) has confirmed that data stolen during a recent cyberattack on the company has been released on the dark web.
NAC spokesperson Dan Kamati in a press statement on Saturday says preliminary investigations have revealed that the data exposed includes airport permit system files, parking management databases, engineering and project documents, financial records, and certain internal reports.
Investigations into the attack last week confirmed INC Ransom Group, a worldwide cybercriminal organisation, was responsible for the attack.
The group has claimed to have exfiltrated about 500GB of data and said it was going to disclose the information once a timer lapses.
“The NAC is actively verifying the scope of this exposure to establish whether sensitive or personal information has been compromised.
“Immediate containment measures were implemented following the incident, and additional safeguards have been deployed to strengthen our defences,” he says.
Kamati says operations across all its facilities remain fully functional despite the release of its data on the dark web and that the airport’s safety and security remains unaffected.
The NAC says accountability, resilience, and stakeholders remain a priority.
The company will provide further information once it becomes available, it says.
INC Ransomware Group is a highly active and sophisticated cybercriminal organisation responsible for numerous attacks worldwide, across both public and private sectors.
It employs double-extortion tactics, combining data theft with the encryption of critical information to increase pressure on victims.
In an age of information overload, Sunrise is The Namibian’s morning briefing, delivered at 6h00 from Monday to Friday. It offers a curated rundown of the most important stories from the past 24 hours – occasionally with a light, witty touch. It’s an essential way to stay informed. Subscribe and join our newsletter community.
The Namibian uses AI tools to assist with improved quality, accuracy and efficiency, while maintaining editorial oversight and journalistic integrity.
Stay informed with The Namibian – your source for credible journalism. Get in-depth reporting and opinions for
only N$85 a month. Invest in journalism, invest in democracy –
Subscribe Now!
Facts Only
The Namibia Airports Company (NAC) confirmed data stolen in a cyberattack was released on the dark web.
NAC spokesperson Dan Kamati issued a press statement on Saturday regarding the incident.
Preliminary investigations revealed exposed data includes airport permit system files, parking management databases, engineering and project documents, financial records, and internal reports.
The cyberattack was confirmed to be carried out by the INC Ransom Group, a global cybercriminal organization.
The group claimed to have exfiltrated about 500GB of data and threatened to disclose it once a timer lapsed.
The NAC is verifying whether sensitive or personal information was compromised.
Immediate containment measures were implemented, and additional safeguards were deployed.
Operations across all NAC facilities remain fully functional, and airport safety and security are unaffected.
The INC Ransomware Group uses double-extortion tactics, combining data theft with encryption.
The NAC has prioritized accountability, resilience, and stakeholder communication.
Further updates will be provided as information becomes available.
Executive Summary
Full Take
**Steelman:** The strongest version of this narrative is that the NAC is transparently addressing a significant cybersecurity breach while maintaining operational integrity. The report acknowledges the severity of the attack, attributes it to a known sophisticated threat actor, and outlines concrete steps taken to mitigate damage. The emphasis on operational continuity and stakeholder communication suggests a commitment to accountability.
**Pattern Scan:** The narrative avoids emotional exploitation or distortion, presenting facts without sensationalism. However, the inclusion of a subscription pitch for *The Namibian* at the end introduces a potential conflict of interest, as it blends journalism with commercial promotion. This could be seen as a mild form of **ARC-0024 Ambiguity**, where the boundary between news and advertising is blurred.
**Root Cause:** The paradigm here is one of institutional resilience in the face of cyber threats. The unstated assumption is that transparency and rapid response can restore trust, even when sensitive data is compromised. This echoes broader trends in cybersecurity, where organizations must balance disclosure with damage control.
**Implications:** For human agency, this highlights the vulnerability of critical infrastructure to cybercrime, raising questions about data protection and institutional preparedness. The costs are borne by the NAC and potentially affected individuals, while the benefits accrue to cybercriminals and, indirectly, to cybersecurity firms offering solutions.
**Bridge Questions:**
How might this breach affect public trust in the NAC’s ability to safeguard personal data?
What systemic vulnerabilities in airport cybersecurity does this incident expose?
If the INC Ransomware Group’s claims are verified, what does this reveal about the effectiveness of current cybersecurity measures?
**Counterstrike Scan:** A coordinated influence campaign might exploit this breach to undermine trust in Namibian institutions or promote specific cybersecurity vendors. However, the actual content does not align with such a playbook. The reporting remains factual, and the subscription pitch, while present, does not distort the core narrative. No structural alignment with manipulation tactics is detected.
**Patterns detected: ARC-0024 Ambiguity (mild, due to subscription pitch)**
