Justicia Shipena
Hackers have threatened to release about 500GB of data stolen from the Namibia Airports Company (NAC).
On Thursday night, Communications Regulatory Authority of Namibia (Cran) executive for communication and consumer relations, Mufaro Nesongano, said unauthorised activity was detected within NAC’s network systems.
Mufaro said the attack has been linked to the INC Ransomware Group, which claimed on 19 March 2026 to have extracted large volumes of data and plans to make it public.
Mufaro said the group alleges it accessed financial records, human resources information, customer data and contact details, although none of the information has been released so far.
Mufaro said the hackers indicated the data would be published once a countdown timer expires, suggesting an attempt to pressure the company.
Mufaro said the INC Ransomware Group is a known cybercriminal organisation that has carried out multiple attacks worldwide across both public and private sectors.
Mufaro said NAC is the second entity in Namibia to be targeted by the group.
The same group also targeted Otjiwarongo Municipality last year.
This comes as, on Monday, the Namibia Cyber Security Incident Response Team (Nam-CSIRT) revealed that NAC had been hacked after disruptions were detected.
Mufaro said the group uses a double-extortion approach, where attackers steal data and also encrypt systems to force victims to comply with demands.
Mufaro said authorities are continuing to monitor the situation and have issued an advisory to organisations on how to strengthen cybersecurity systems.
Mufaro urged institutions to prioritise measures such as patch management, multi-factor authentication, staff awareness training, and the development of incident response and recovery plans.
Mufaro said these steps are necessary to reduce the risk of similar attacks and to protect sensitive information.
Meanwhile, the NAC has not released a statement regarding the incident.
This also follows a report on Wednesday, where Nam-CSIRT reported that more than 535 000 cyber vulnerabilities were recorded in Namibia between October and December 2025. It also detected 195 661 cyber events during the same period.
Nam-CSIRT reported new ransomware threats targeting organisations. One group, Genesis, moves through systems and encrypts data. Another group, Benzona, locks systems, steals data and demands payment within 72 hours.
Cran previously said these attacks are causing financial losses and disrupting services.
Between January and June 2025, Namibia recorded more than 1.1 million cyber threats and nearly one million system vulnerabilities.
In October last year, information and communication technology minister Emma Theofelus disclosed this data and said no system is completely immune to attacks.
In the same month, the Namibia Students Financial Assistance Fund (NSFAF) reported a data breach in which the personal information of more than 7 000 students was exposed online.
The cyber threats come as the Ministry of Information and Communication Technology is working on a data protection bill aimed at protecting personal information and improving trust in digital systems.
NAC joins a growing list of companies affected by cyber attacks. In December 2024, Telecom Namibia was hit by a ransomware attack, while Paratus was also targeted last year.
