Justicia Shipena
Information obtained during a cyberattack on the Namibia Airports Company (NAC) has been released on the dark web. NAC confirmed this on Saturday.
NAC said early findings show the leaked data includes files for the airport permit system, parking management records, engineering and project documents, financial records and internal reports.
The company said it is still verifying the full extent of the breach and assessing whether sensitive or personal information has been affected.
NAC said it acted after detecting the incident and has since strengthened its cybersecurity systems.
It said airport operations, safety and security remain unaffected.
The breach follows a claim by the INC Ransomware Group that it accessed and exfiltrated about 500GB of data from NAC systems on 6 March 2026.
At the time, NAC said investigations were ongoing and confirmed that operations across its facilities remained functional.
The Communications Regulatory Authority of Namibia (Cran) later confirmed unauthorised activity in NAC systems.
Its cyber unit, Namibia Cyber Security Incident Response Team (Nam-CSIRT), said the group claimed on 19 March 2026 to have extracted large volumes of data.
Cran’s executive for communication and consumer relations Mufaro Nesongano, said the group alleged it accessed financial records, human resources data, customer information and contact details and had threatened to publish the data.
Nam-CSIRT also confirmed on Sunday that part of the data has now been published online.
The unit said verification is ongoing to determine the full impact and whether sensitive or personal data has been compromised.
It said response efforts continue with external cybersecurity specialists, including forensic investigations and system upgrades.
Nesongano urged the public to avoid sharing unverified information.
“While we acknowledge the public interest in this matter, it is important that information related to the incident is handled responsibly. The circulation of unverified or compromised data may unintentionally place individuals and organisations at further risk,” he said.
Nam-CSIRT said it continues to monitor the situation and has advised organisations to strengthen cybersecurity through system updates, multi-factor authentication and staff awareness.
The group uses a method where it steals data and encrypts systems to force victims to comply with demands.
Nam-CSIRT said NAC is the second entity in Namibia to be targeted by the group after an incident in Otjiwarongo last year.
The case comes as cyber threats increase in Namibia.
Nam-CSIRT reported more than 535 000 system vulnerabilities between October and December 2025 and recorded 195 661 cyber events in the same period.
Between January and June 2025, the country recorded more than 1.1 million cyber threats and nearly one million system vulnerabilities.
