Justicia Shipena
The Namibia Airports Company (NAC) says it is treating a reported cyber threat with urgency after a ransomware group claimed it accessed and stole company data.
In a statement shared on social media over the weekend, NAC said it is aware of claims by the INC Ransomware Group that it exfiltrated about 500 GB of data from its systems on 6 March 2026.
The group plans to publish it on the dark web.
“NAC takes this incident seriously and reiterates its commitment to transparency and will provide further updates as and when credible evidence emerges,” the company said.
NAC said investigations are ongoing and confirmed that airport operations across all its facilities remain functional.
“At this stage, investigations are ongoing, and crucially, airport operations across NAC-managed facilities remain functional,” the company said.
NAC added that it has strengthened system security and monitoring and is working with authorities and cybersecurity partners to respond to the incident.
This follows the Communications Regulatory Authority of Namibia (Cran) revealing last week that unauthorised activity had been detected within NAC’s network systems.
Cran executive for communication and consumer relations, Mufaro Nesongano, at that time said the attack has been linked to the INC Ransomware Group, which claimed on 19 March 2026 to have extracted large volumes of data.
Mufaro said the group alleges it accessed financial records, human resources information, customer data and contact details, although none of the information has been released so far.
He said the group indicated the data would be published once a countdown timer expires, suggesting an attempt to pressure the company.
The INC Ransomware Group is a known cybercriminal organisation that has carried out attacks in both public and private sectors.
According to Cran’s Namibia Cyber Security Incident Response Team (Nam-CSIRT), NAC is the second entity in Namibia to be targeted by the group, after the Otjiwarongo Municipality last year.
The group uses a double-extortion method, where attackers steal data and encrypt systems to force victims to comply with demands.
Nam-CSIRT said it continues to monitor the situation and has issued guidance to organisations on strengthening cybersecurity systems.
Mufaro also urged institutions to improve patch management, adopt multi-factor authentication, train staff and develop response and recovery plans.
The incident comes as Namibia faces rising cyber threats. Nam-CSIRT reported more than 535 000 cyber vulnerabilities between October and December 2025 and recorded 195 661 cyber events in the same period.
Between January and June 2025, the country recorded more than 1.1 million cyber threats and nearly one million system vulnerabilities.
